  • ■ ■ ■ ■ ■ ■
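--- a/cve/cve-2021-3156.sh
+++ b/cve/cve-2021-3156.sh
@@ -0,0 +1,101 @@
+#!/bin/posh
+# shellcheck disable=1003,1091,2006,2016,2034,2039
+# vim: set ts=2 sw=2 sts=2 fdm=marker fmr=#(,#) et:
+#
+# doc:
+#
+# Copy this file to a new one with the same name of the cve to test, all in
+# lowercase (i.e.: cve-2014–6271.sh).
+# Then add the code for the functions shown here. **ALL** functions must appear
+# in the new created file, however the ones marked as 'optional' can be left
+# with the same code than in 'skel.sh'. Inside the function, declare all the
+# variables as 'local' (i.e.: local vuln_version="1.2.3")
+#
+# NOTE: You can use here, functions and variables implemented in 'lse.sh':
+# * lse_get_pkg_version: Get package version supplying package name
+# * lse_is_version_bigger: Check if version in $1 is bigger than the $2
+# * $lse_arch: System architecture
+# * $lse_distro_codename: The linux distribution code name (ubuntu, debian,
+# opsuse, centos, redhat, fedora)
+# * $lse_linux: Kernel version
+# * Colors
+# XXX: Check the definitions in 'lse.sh' to better understand what they do and
+# how they work
+#
+################################################################################
+## RULES:
+## * Do NOT cause any harm with the tests
+## * Try to be as accurate as possible, trying to detect patched versions from
+## distro package versions. Try to minimize false positives.
+## * The script must be POSIX compliant. Test it with 'posh' shell.
+################################################################################
+
+
+# lse_cve_level: 0 if leads to a privilege escalation; 1 for other CVEs
+lse_cve_level=0
+
+# lse_cve_id: CVE id in lowercase (i.e.: cve-2014–6271)
+lse_cve_id="cve-2021-3156"
+
+# lse_cve_description: Short. Not more than 52 characters long.
+#__________________="vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv"
+lse_cve_description="Sudo Baron Samedit vulnerability"
+
+# Code retrieved with 'declare -f' by the packaging bash script
+lse_cve_test() { #(
+ local vulnerable=false
+ local sudo
+ local sudo_version
+ local v2
+ local package_version
+ local package_fixed
+ local distro_release
+ sudo="$(command -v sudo)"
+ if [ -n "$sudo" ]; then
+ vulnerable=true
+ sudo_version="$(sudo --version | head -n1 | cut -d ' ' -f 3)"
+ v2="$(echo "$sudo_version" | cut -d. -f2)"
+ package_version="$(lse_get_pkg_version sudo)"
+ # only 1.8.2 to 1.8.31p2 is vulnerable
+ if lse_is_version_bigger 1.8.2 "$sudo_version"; then
+ exit 1
+ fi
+ if [ "$v2" = 8 ] && lse_is_version_bigger "$sudo_version" 1.8.31p2; then
+ exit 1
+ fi
+ # only 1.9.0 to 1.9.5p1 is vulnerable
+ if lse_is_version_bigger "$sudo_version" 1.9.5p1; then
+ exit 1
+ fi
+ case "$lse_distro_codename" in
+ ubuntu)
+ [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_CODENAME=' /etc/os-release | cut -f2 -d=)
+ case "$distro_release" in
+ precise)
+ package_fixed="1.8.3p1-1ubuntu3.10"
+ ;;
+ trusty)
+ package_fixed="1.8.9p5-1ubuntu1.5+esm6"
+ ;;
+ xenial)
+ package_fixed="1.8.16-0ubuntu1.10"
+ ;;
+ bionic)
+ package_fixed="1.8.21p2-3ubuntu1.4"
+ ;;
+ focal)
+ package_fixed="1.8.31-1ubuntu1.2"
+ ;;
+ groovy)
+ package_fixed="1.9.1-1ubuntu1.1"
+ ;;
+ esac
+ ;;
+ esac
+ if [ -n "$package_fixed" ] && [ -n "$package_version" ] && ! lse_is_version_bigger "$package_fixed" "$package_version"; then
+ exit 1
+ fi
+ fi
+ $vulnerable && echo "Vulnerable! sudo version: $sudo_version"
+} #)
+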
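Review bot: An empty or unparsable `sudo_version` is never rejected in `lse_cve_test`: `vulnerable=true` is set as soon as `command -v sudo` succeeds, and every not-vulnerable exit depends on how `lse_is_version_bigger` (defined in lse.sh, not shown in this section) treats whatever `sudo --version | head -n1 | cut -d ' ' -f 3` produced. If that pipeline yields nothing, the function may still print `Vulnerable! sudo version: ` with no version, which works against the file's own rule about minimizing false positives; a guard such as `[ -n "$sudo_version" ] || exit 1` right after the assignment would fail closed. The fixed-package table covers Ubuntu only, so on other distributions that backport the fix the verdict rests on the upstream version string alone; a comment like `# TODO: add fixed package versions for other distros that backport the patch` would record that gap. The pkexec test changed in this same commit now requires the setuid bit before flagging, and `[ -u "$sudo" ]` would give this check the same precondition.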
  • ■ ■ ■ ■ ■
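--- a/cve/cve-2021-4034.sh
+++ b/cve/cve-2021-4034.sh
@@ -51,7 +51,7 @@
  local package_fixed
  pkexec=$(command -v pkexec)
  package_version=$(lse_get_pkg_version polkit)
- if [ -n "$pkexec" ]; then
+ if [ -n "$pkexec" ] && test -n "$(find "$pkexec" -perm -u+s)"; then
  vulnerable=true
  pkexec_version=$(pkexec --version | grep -Eo '[0-9\.]+')
  if lse_is_version_bigger "$pkexec_version" 0.120 ; then
@@ -108,7 +108,18 @@
  ;;
  esac
  ;;
- #TODO: Add Fedora, RedHat and other distros, although their info about patches is very poor
+ fedora)
+ [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_ID=' /etc/os-release | cut -f2 -d=)
+ case "$distro_release" in
+ 34)
+ package_fixed="0.117-3.fc34.2"
+ ;;
+ 35)
+ package_fixed="0.120-1.fc35.1"
+ ;;
+ esac
+ ;;
+ #TODO: Add RedHat and other distros, although their info about patches is very poor
  esac
  if [ -n "$package_fixed" ] && [ -n "$package_version" ] && ! lse_is_version_bigger "$package_fixed" "$package_version"; then
  # Not Vulnerable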
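Review bot: The setuid test on the new `if` line uses `find "$pkexec" -perm -u+s`, and find by default examines a symlink itself rather than its target, so a pkexec reached through a symlink would be treated as not setuid and the host reported clean without the version checks ever running. `[ -u "$pkexec" ]` is POSIX, resolves symlinks, and avoids the extra process and any stderr output from find: `if [ -n "$pkexec" ] && [ -u "$pkexec" ]; then`. In the new Fedora arm, `cut -f2 -d=` keeps any quotes around `VERSION_ID`, which the os-release format permits, so stripping them (for example `| tr -d '"'`) before the `case` would keep the `34` and `35` patterns matching. The enclosing function starts and ends outside both hunks, so how the result is consumed is not visible here.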
  • ■ ■ ■ ■ ■
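--- a/lse.sh
+++ b/lse.sh
@@ -626,6 +626,7 @@
  centos|redhat|fedora|opsuse|rocky)
  pkg_version=`rpm -q "$pkg_name" 2>/dev/null`
  pkg_version="${pkg_version##$pkg_name-}"
+ pkg_version=`echo $pkg_version | sed -E 's/\.(aarch64|armv7hl|i686|noarch|ppc64le|s390x|x86_64)$//'`
  ;;
  *)
  return 2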
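Review bot: The added line strips the architecture suffix with a hard-coded list, so a package built for any architecture not named in the `sed` expression keeps its `.<arch>` tail and the CVE tests then compare `package_fixed` against a string of a different shape. Asking rpm for the two fields directly removes the need for both this line and the prefix strip above it: `rpm -q --qf '%{VERSION}-%{RELEASE}' "$pkg_name" 2>/dev/null`. If the sed form stays, the expansion should be quoted (`echo "$pkg_version"`) so the value is not word-split or globbed. As far as I know rpm reports a missing package on stdout, so the `2>/dev/null` on the context line would not keep that message out of `pkg_version`; checking rpm's exit status before using the output would. The `case` this arm belongs to starts and ends outside the hunk.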