| | 1 | + | #!/bin/posh |
| | 2 | + | # shellcheck disable=1003,1091,2006,2016,2034,2039 |
| | 3 | + | # vim: set ts=2 sw=2 sts=2 fdm=marker fmr=#(,#) et: |
| | 4 | + | # |
| | 5 | + | # doc: |
| | 6 | + | # |
| | 7 | + | # Copy this file to a new one with the same name of the cve to test, all in |
| | 8 | + | # lowercase (i.e.: cve-2014–6271.sh). |
| | 9 | + | # Then add the code for the functions shown here. **ALL** functions must appear |
| | 10 | + | # in the new created file, however the ones marked as 'optional' can be left |
| | 11 | + | # with the same code than in 'skel.sh'. Inside the function, declare all the |
| | 12 | + | # variables as 'local' (i.e.: local vuln_version="1.2.3") |
| | 13 | + | # |
| | 14 | + | # NOTE: You can use here, functions and variables implemented in 'lse.sh': |
| | 15 | + | # * lse_get_pkg_version: Get package version supplying package name |
| | 16 | + | # * lse_is_version_bigger: Check if version in $1 is bigger than the $2 |
| | 17 | + | # * $lse_arch: System architecture |
| | 18 | + | # * $lse_distro_codename: The linux distribution code name (ubuntu, debian, |
| | 19 | + | # opsuse, centos, redhat, fedora) |
| | 20 | + | # * $lse_linux: Kernel version |
| | 21 | + | # * Colors |
| | 22 | + | # XXX: Check the definitions in 'lse.sh' to better understand what they do and |
| | 23 | + | # how they work |
| | 24 | + | # |
| | 25 | + | ################################################################################ |
| | 26 | + | ## RULES: |
| | 27 | + | ## * Do NOT cause any harm with the tests |
| | 28 | + | ## * Try to be as accurate as possible, trying to detect patched versions from |
| | 29 | + | ## distro package versions. Try to minimize false positives. |
| | 30 | + | ## * The script must be POSIX compliant. Test it with 'posh' shell. |
| | 31 | + | ################################################################################ |
| | 32 | + | |
| | 33 | + | |
| | 34 | + | # lse_cve_level: 0 if leads to a privilege escalation; 1 for other CVEs |
| | 35 | + | lse_cve_level=0 |
| | 36 | + | |
| | 37 | + | # lse_cve_id: CVE id in lowercase (i.e.: cve-2014–6271) |
| | 38 | + | lse_cve_id="cve-2021-3156" |
| | 39 | + | |
| | 40 | + | # lse_cve_description: Short. Not more than 52 characters long. |
| | 41 | + | #__________________="vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv" |
| | 42 | + | lse_cve_description="Sudo Baron Samedit vulnerability" |
| | 43 | + | |
| | 44 | + | # Code retrieved with 'declare -f' by the packaging bash script |
| | 45 | + | lse_cve_test() { #( |
| | 46 | + | local vulnerable=false |
| | 47 | + | local sudo |
| | 48 | + | local sudo_version |
| | 49 | + | local v2 |
| | 50 | + | sudo="$(command -v sudo)" |
| | 51 | + | if [ -n "$sudo" ]; then |
| | 52 | + | vulnerable=true |
| | 53 | + | sudo_version="$(sudo --version | head -n1 | cut -d ' ' -f 3)" |
| | 54 | + | v2="$(echo "$sudo_version" | cut -d. -f2)" |
| | 55 | + | # only 1.8.2 to 1.8.31p2 is vulnerable |
| | 56 | + | if lse_is_version_bigger 1.8.2 "$sudo_version"; then |
| | 57 | + | exit 1 |
| | 58 | + | fi |
| | 59 | + | if [ "$v2" = 8 ] && lse_is_version_bigger "$sudo_version" 1.8.31p2; then |
| | 60 | + | exit 1 |
| | 61 | + | fi |
| | 62 | + | # only 1.9.0 to 1.9.5p1 is vulnerable |
| | 63 | + | if lse_is_version_bigger "$sudo_version" 1.9.5p1; then |
| | 64 | + | exit 1 |
| | 65 | + | fi |
| | 66 | + | fi |
| | 67 | + | $vulnerable && echo "Vulnerable! sudo version: $sudo_version" |
| | 68 | + | } #) |
| | 69 | + | |
