-
Notifications
You must be signed in to change notification settings - Fork 578
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
9ca3a9d
commit bd771f4
Showing
1 changed file
with
85 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,85 @@ | ||
| #!/bin/posh | ||
| # shellcheck disable=1003,1091,2006,2016,2034,2039 | ||
| # vim: set ts=2 sw=2 sts=2 fdm=marker fmr=#(,#) et: | ||
| # | ||
| # doc: | ||
| # | ||
| # Copy this file to a new one with the same name of the cve to test, all in | ||
| # lowercase (i.e.: cve-2014–6271.sh). | ||
| # Then add the code for the functions shown here. **ALL** functions must appear | ||
| # in the new created file, however the ones marked as 'optional' can be left | ||
| # with the same code than in 'skel.sh'. Inside the function, declare all the | ||
| # variables as 'local' (i.e.: local vuln_version="1.2.3") | ||
| # | ||
| # NOTE: You can use here, functions and variables implemented in 'lse.sh': | ||
| # * lse_get_pkg_version: Get package version supplying package name | ||
| # * lse_is_version_bigger: Check if version in $1 is bigger than the $2 | ||
| # * $lse_arch: System architecture | ||
| # * $lse_distro_codename: The linux distribution code name (ubuntu, debian, | ||
| # opsuse, centos, redhat, fedora) | ||
| # * $lse_linux: Kernel version | ||
| # * Colors | ||
| # XXX: Check the definitions in 'lse.sh' to better understand what they do and | ||
| # how they work | ||
| # | ||
| ################################################################################ | ||
| ## RULES: | ||
| ## * Do NOT cause any harm with the tests | ||
| ## * Try to be as accurate as possible, trying to detect patched versions from | ||
| ## distro package versions. Try to minimize false positives. | ||
| ## * The script must be POSIX compliant. Test it with 'posh' shell. | ||
| ################################################################################ | ||
|
|
||
|
|
||
| # lse_cve_level: 0 if leads to a privilege escalation; 1 for other CVEs | ||
| lse_cve_level=0 | ||
|
|
||
| # lse_cve_id: CVE id in lowercase (i.e.: cve-2014–6271) | ||
| lse_cve_id="cve-2022-25636" | ||
|
|
||
| # lse_cve_description: Short. Not more than 52 characters long. | ||
| #__________________="vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv" | ||
| lse_cve_description="Netfilter linux kernel vulnerability" | ||
|
|
||
| lse_cve_test() { #( | ||
| local kernel | ||
| local kernel_distro | ||
| kernel=$(uname -r | cut -d- -f1) | ||
| kernel_distro=$(uname -r) | ||
|
|
||
| if lse_is_version_bigger "5.4" "$kernel" || lse_is_version_bigger "$kernel" "5.6.10" | ||
| then | ||
| # Not vulnerable | ||
| exit 1 | ||
| else | ||
| # Possibly vulnerable | ||
| local vulnerable=true | ||
| fi | ||
|
|
||
| case "$lse_distro_codename" in | ||
| debian|ubuntu) | ||
| [ -r "/etc/os-release" ] && distro_release=$(grep -E '^VERSION_CODENAME=' /etc/os-release | cut -f2 -d=) | ||
| case "$distro_release" in | ||
| focal) | ||
| package_fixed="5.4.0-104.118" | ||
| ;; | ||
| impish) | ||
| package_fixed="5.13.0-35.40" | ||
| ;; | ||
| bullseye) | ||
| package_fixed="5.10.103-1" | ||
| ;; | ||
| *) # Other releases not vulnerable | ||
| package_fixed="0" | ||
| ;; | ||
| esac | ||
| esac | ||
| if [ -n "$package_fixed" ] && ! lse_is_version_bigger "$package_fixed" "$kernel_distro"; then | ||
| # Not Vulnerable | ||
| exit 1 | ||
| fi | ||
|
|
||
| if $vulnerable; then | ||
| echo "$kernel_distro" | ||
| fi | ||
| } #) |