  • ■ ■ ■ ■ ■
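--- a/cve/README.md
+++ b/cve/README.md
@@ -41,5 +41,6 @@
 - Debian: [Security Bug Tracker](https://security-tracker.debian.org/tracker/) allows to search for CVEs and patched versions
 - Ubuntu: [Ubuntu Security CVEs](https://ubuntu.com/security/cves) lists CVEs affecting Ubuntu and patched versions
 - Fedora: [Koji buildserver](https://koji.fedoraproject.org/koji/) contains a changelog for each package build
+- Red Hat Enterprise Linux: [Red Hat CVE Database](https://access.redhat.com/security/security-updates/#/cve) allows to search for CVEs and patched versions
 - Amazon Linux: [Amazon Linux Security Center](https://alas.aws.amazon.com/) lists patched versions in their advisories
 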
  • ■ ■ ■ ■ ■ ■
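--- a/cve/cve-2021-3156.sh
+++ b/cve/cve-2021-3156.sh
@@ -97,6 +97,44 @@
  ;;
  esac
  ;;
+ redhat)
+ [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_ID=' /etc/os-release | cut -f2 -d=)
+ case "$distro_release" in
+ 6.*)
+ package_fixed="1.8.6p3-29.el6_10.4"
+ ;;
+ 7.2)
+ package_fixed="1.8.6p7-17.el7_2.3"
+ ;;
+ 7.3)
+ package_fixed="1.8.6p7-23.el7_3.3"
+ ;;
+ 7.4)
+ package_fixed="1.8.19p2-12.el7_4.2"
+ ;;
+ 7.6)
+ package_fixed="1.8.23-3.el7_6.2"
+ ;;
+ 7.7)
+ package_fixed="1.8.23-4.el7_7.3"
+ ;;
+ 7.*)
+ package_fixed="1.8.23-10.el7_9.1"
+ ;;
+ 8.1)
+ package_fixed="1.8.25p1-8.el8_1.2"
+ ;;
+ 8.2)
+ package_fixed="1.8.29-5.el8_2.1"
+ ;;
+ 8.*)
+ package_fixed="1.8.29-6.el8_3.1"
+ ;;
+ *)
+ lse_is_version_bigger "$distro_release" 8 && exit 1
+ ;;
+ esac
+ ;;
  amzn)
  [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_ID=' /etc/os-release | cut -f2 -d= | tr -d '"')
  case "$distro_release" in
@@ -113,7 +151,7 @@
  exit 1
  fi
  fi
- $vulnerable && echo "Vulnerable! sudo version: $sudo_version"
+ $vulnerable && echo "Vulnerable! sudo version: ${package_version:-$sudo_version}"
 } #)
 
 # Uncomment this line for testing the lse_cve_test function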
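Review bot: The new `redhat)` branch reads `VERSION_ID` with `cut -f2 -d=` but never strips the surrounding double quotes, unlike the `amzn)` branch directly below it, which pipes through `tr -d '"'`. os-release files commonly quote this value, and in that case none of the `6.*`, `7.*` or `8.*` patterns match, `package_fixed` stays empty, and the fixed-version comparison is presumably skipped, so a patched host could be reported as vulnerable. Appending `| tr -d '"'` to the pipeline would fix it. The same line is added in the `redhat)` branches of cve-2021-3560.sh, cve-2021-4034.sh and cve-2022-0847.sh. The enclosing function starts and ends outside the visible hunks.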
  • ■ ■ ■ ■ ■
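--- a/cve/cve-2021-3560.sh
+++ b/cve/cve-2021-3560.sh
@@ -83,6 +83,23 @@
  ;;
  esac
  ;;
+ redhat)
+ [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_ID=' /etc/os-release | cut -f2 -d=)
+ case "$distro_release" in
+ 8.1)
+ package_fixed="0.115-9.el8_1.1"
+ ;;
+ 8.2)
+ package_fixed="0.115-11.el8_2.1"
+ ;;
+ 8.*)
+ package_fixed="0.115-11.el8_4.1"
+ ;;
+ *)
+ lse_is_version_bigger "$distro_release" 8 && exit 1
+ ;;
+ esac
+ ;;
  rocky)
  if lse_is_version_bigger 0.113 "$pkexec_version"; then
  # Not Vulnerable
@@ -110,7 +127,6 @@
  ;;
  esac
  ;;
- #TODO: Add Fedora, RedHat and other distros, although their info about patches is very poor
  *)
  # The bug was introduced on version 0.113
  if lse_is_version_bigger 0.113 "$pkexec_version"; then
@@ -124,7 +140,7 @@
  exit 1
  fi
  fi
- $vulnerable && echo "Vulnerable!"
+ $vulnerable && echo "Vulnerable! polkit version: ${package_version:-pkexec_version}"
 } #)
 
 # Uncomment this line for testing the lse_cve_test function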
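Review bot: The fallback in the new message `${package_version:-pkexec_version}` is missing its `$`, so when `package_version` is empty the script prints the literal text `pkexec_version` instead of the detected version. It should read `${package_version:-$pkexec_version}`, matching the form `${package_version:-$sudo_version}` used in cve-2021-3156.sh. The identical line is added at the end of the function in cve-2021-4034.sh and needs the same fix; whether `pkexec_version` is set in that script cannot be confirmed from the visible hunks.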
  • ■ ■ ■ ■ ■ ■
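--- a/cve/cve-2021-4034.sh
+++ b/cve/cve-2021-4034.sh
@@ -92,6 +92,44 @@
  ;;
  esac
  ;;
+ redhat)
+ [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_ID=' /etc/os-release | cut -f2 -d=)
+ case "$distro_release" in
+ 6.*)
+ package_fixed="0.96-11.el6_10.2"
+ ;;
+ 7.3)
+ package_fixed="0.112-12.el7_3.1"
+ ;;
+ 7.4)
+ package_fixed="0.112-12.el7_4.2"
+ ;;
+ 7.6)
+ package_fixed="0.112-18.el7_6.3"
+ ;;
+ 7.7)
+ package_fixed="0.112-22.el7_7.2"
+ ;;
+ 7.*)
+ package_fixed="0.112-26.el7_9.1"
+ ;;
+ 8.1)
+ package_fixed="0.115-9.el8_1.2"
+ ;;
+ 8.2)
+ package_fixed="0.115-11.el8_2.2"
+ ;;
+ 8.4)
+ package_fixed="0.115-11.el8_4.2"
+ ;;
+ 8.*)
+ package_fixed="0.115-13.el8_5.1"
+ ;;
+ *)
+ lse_is_version_bigger "$distro_release" 8 && exit 1
+ ;;
+ esac
+ ;;
  rocky)
  [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_ID=' /etc/os-release | cut -f2 -d=)
  case "$distro_release" in
@@ -125,14 +163,13 @@
  ;;
  esac
  ;;
- #TODO: Add RedHat and other distros, although their info about patches is very poor
  esac
  if [ -n "$package_fixed" ] && [ -n "$package_version" ] && ! lse_is_version_bigger "$package_fixed" "$package_version"; then
  # Not Vulnerable
  exit 1
  fi
  fi
- $vulnerable && echo "Vulnerable!"
+ $vulnerable && echo "Vulnerable! polkit version: ${package_version:-pkexec_version}"
 } #)
 
 # Uncomment this line for testing the lse_cve_test function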
  • ■ ■ ■ ■ ■ ■
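--- a/cve/cve-2022-0847.sh
+++ b/cve/cve-2022-0847.sh
@@ -66,21 +66,36 @@
  debian)
  # get debian upstream kernel version
  kernel=$(uname -v | cut -d' ' -f4 | cut -d- -f1)
- if lse_is_version_bigger "$kernel" "5.10.92"; then
- # Not vulnerable
- exit 1
- fi
+ lse_is_version_bigger "$kernel" "5.10.92" && exit 1
  ;;
  ubuntu)
- if lse_is_version_bigger "$kernel_distro" "5.13.0-35.39"; then
- # Not vulnerable
- exit 1
- fi
+ lse_is_version_bigger "$kernel_distro" "5.13.0-35.39" && exit 1
+ ;;
+ redhat)
+ [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_ID=' /etc/os-release | cut -f2 -d=)
+ kernel_package=$(lse_get_pkg_version kernel)
+ case "$distro_release" in
+ 8.1)
+ lse_is_version_bigger 4.18.0-147.64.1.el8_1 "$kernel_package" || exit 1
+ ;;
+ 8.2)
+ lse_is_version_bigger 4.18.0-193.79.1.el8_2 "$kernel_package" || exit 1
+ ;;
+ 8.4)
+ lse_is_version_bigger 4.18.0-305.40.2.el8_4 "$kernel_package" || exit 1
+ ;;
+ 8.*)
+ lse_is_version_bigger 4.18.0-348.20.1.el8_5 "$kernel_package" || exit 1
+ ;;
+ *)
+ lse_is_version_bigger "$distro_release" 8 && exit 1
+ ;;
+ esac
  ;;
  esac
 
  # Vulnerable
- echo "$kernel_distro"
+ echo "Vulnerable! kernel version: $kernel_distro"
 } #)
 
 # Uncomment this line for testing the lse_cve_test function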
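Review bot: The `redhat)` branch compares the fixed build against `lse_get_pkg_version kernel`, which reports an installed package, not the kernel that is actually running. A host that has installed the fixed kernel but not rebooted into it would be reported as not vulnerable, and with several kernel packages installed the value may not be a single version; both depend on `lse_get_pkg_version`, which is not visible here. Comparing against the running release, for example `kernel_package=$(uname -r)`, would avoid this, provided `lse_is_version_bigger` tolerates the architecture suffix. The final message also prints `$kernel_distro`, not the value that was compared, which can mislead whoever reads the finding. The enclosing function starts outside the hunk.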