CHANGELOG

linux-exploit-suggester.sh v1.1 [2020-01-07]

o Added more reliable DISTRO version detection (based on /etc/*-release files)

o Added following exploits:

  + add SystemTap exploit (CVE-2010-4170) (#46) [bcoles]

  + add abrt/sosreport-rhel7 exploit (#48) [bcoles]

  + add Return of the WIZard (exim) (CVE-2019-10149) (#54) [bcoles]

  + Add Serv-U FTP Server exploit (CVE-2019-12181) (#58) [bcoles]

  + Add PTRACE_TRACEME (CVE-2019-13272) (#61) [bcoles]

  + Add ktsuss (CVE-2011-2921) (#62) [bcoles]

  + Add rds_atomic_free_op NULL pointer dereference (CVE-2018-5333) (#67) [bcoles]

  + Add GNU Mailutils maidag url local root (CVE-2019-18862) (#69) [bcoles]

o Added following '--checksec' mode improvements:

  + add detection for kernel.yama.ptrace_scope (#49) [bcoles]

o Rewrote README.md. Exposure (calculated from rank) is now displayed instead of the raw numeric rank

o '--uname' mode improvement: tagging and rank calculation are now also performed
    when LES is run with the '--uname' switch. The uname string usually contains
    the distro name, so the rank is bumped (+1) for each exploit that is known
    to run on that distro. The rank is bumped again (+3) when there is a
    kernel version match.

o Refinements for following exploits:

  + add ntfs-3g version check: pkg=ntfs-3g,ver<2017.4 (#50) [bcoles]

  + update tested package versions for raceabrt (#47) [bcoles]

  + add udev version check pkg=udev,ver<141 (#51) [bcoles]

  + RationalLove fix: libc package is named 'libc6' on Debian/Ubuntu

  + Add nginx version check: pkg=nginx|nginx-full,ver<1.10.3 (#57) [bcoles]

  + rds_atomic_free_op exploit: update targets
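The two mechanisms described in the v1.1 entries above, the '--uname' rank bump (+1 for a distro match, +3 for a kernel version match) and the 'pkg=NAME|ALT,ver<X' package requirement syntax, modelled in POSIX shell. This is an added example, not code from linux-exploit-suggester: the ';'-separated entry format, the substring tag match, the demo catalogue and the installed-package list are all constructed for illustration, and only the 'ver<' comparison form that appears in the changelog is implemented.

```shell
#!/bin/sh
# Added example, not code from linux-exploit-suggester. It models two mechanisms
# the v1.1 entries describe: the '--uname' rank bump (+1 when the uname string
# names a distro the exploit is tagged for, +3 when the kernel version matches)
# and 'pkg=NAME|ALT,ver<X' package requirements. Entry format, tag matching,
# the catalogue and the installed-package list are constructed for illustration;
# LES's real metadata and parsing differ.

# Constructed catalogue, ';'-separated:
#   name;min kernel (inclusive);max kernel (exclusive);distro tags;package requirement (optional)
EXPLOITS='demo_kernel_a;4.4;4.13;ubuntu debian;
demo_kernel_b;3.13;4.4;ubuntu;
demo_nginx;0;99;ubuntu debian;pkg=nginx|nginx-full,ver<1.10.3
demo_ntfs;0;99;ubuntu debian;pkg=ntfs-3g,ver<2017.4'

# Constructed installed-package list, "name version" per line (dpkg-query -W style).
INSTALLED='nginx-full 1.10.0
ntfs-3g 2017.3.23
udev 241'

# Kernel version from a 'uname -a' string: third field, cut at the first '-'
# ("4.4.0-21-generic" -> "4.4.0").
kernel_from_uname() {
  set -- $1
  printf '%s\n' "${3%%-*}"
}

# Dotted-version compare on numeric components: returns 0 when $1 < $2.
# Missing trailing components count as 0, so "4.4" equals "4.4.0".
ver_lt() {
  v1=$1 v2=$2
  while [ -n "$v1" ] || [ -n "$v2" ]; do
    a=${v1%%.*} b=${v2%%.*}
    [ -z "$a" ] && a=0
    [ -z "$b" ] && b=0
    [ "$a" -lt "$b" ] && return 0
    [ "$a" -gt "$b" ] && return 1
    case $v1 in *.*) v1=${v1#*.} ;; *) v1= ;; esac
    case $v2 in *.*) v2=${v2#*.} ;; *) v2= ;; esac
  done
  return 1
}

# pkg_vulnerable 'pkg=a|b,ver<X': returns 0 when any listed package name is
# installed at a version below X. Only the 'ver<' form is supported here.
pkg_vulnerable() {
  names=${1#pkg=}
  names=${names%%,*}
  limit=${1##*ver<}
  for n in $(printf '%s\n' "$names" | tr '|' ' '); do
    v=$(printf '%s\n' "$INSTALLED" | awk -v n="$n" '$1 == n { print $2 }')
    [ -n "$v" ] && ver_lt "$v" "$limit" && return 0
  done
  return 1
}

# rank_for ENTRY UNAME_STRING: prints the rank, or nothing when the entry has a
# package requirement that this system does not satisfy (design choice here).
rank_for() {
  entry=$1 uname_str=$2
  rest=${entry#*;}
  lo=${rest%%;*};   rest=${rest#*;}
  hi=${rest%%;*};   rest=${rest#*;}
  tags=${rest%%;*}; req=${rest#*;}
  if [ -n "$req" ] && ! pkg_vulnerable "$req"; then return 0; fi
  rank=0
  lower=$(printf '%s\n' "$uname_str" | tr 'A-Z' 'a-z')
  for t in $tags; do                      # +1 once, if any distro tag occurs in uname
    case $lower in *"$t"*) rank=$((rank + 1)); break ;; esac
  done
  kver=$(kernel_from_uname "$uname_str")  # +3 when lo <= kver < hi
  if ! ver_lt "$kver" "$lo" && ver_lt "$kver" "$hi"; then rank=$((rank + 3)); fi
  echo "$rank"
}

# rank_all UNAME_STRING: "rank name" per applicable exploit, most relevant first.
rank_all() {
  printf '%s\n' "$EXPLOITS" | while IFS= read -r e; do
    r=$(rank_for "$e" "$1")
    [ -n "$r" ] && printf '%s %s\n' "$r" "${e%%;*}"
  done | sort -rn
}

rank_all 'Linux host 4.4.0-21-generic #37-Ubuntu SMP x86_64 GNU/Linux'
```

With the constructed data, the kernel-range exploit for 4.4 to 4.13 and the two package-gated exploits all reach rank 4 on the sample Ubuntu 4.4.0 kernel, while the 3.13 to 4.4 exploit only gets the +1 distro bump, so it sorts last.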

linux-exploit-suggester.sh v1.0 [2019-03-01]

o Added additional 'Tags' for multiple exploits based on:

  + verifications conducted by bcoles and his notes at: https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/local

  + https://github.com/lucyoa/kernel-exploits

o Added following '--checksec' mode improvements:

  + added checks for all exploitation prevention features recommended by
    the KSPP project (http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings)

  + handling of the situation where no kernel config is present on the checked system
    (state is set to 'unknown' when the existence or enablement of a feature can't be determined)

  + support for features that have more than two possible states (e.g. CONFIG_SECCOMP)
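The three-way result described in the '--checksec' entries above (enabled, disabled, or 'unknown' when it cannot be determined), as an added shell example that is not code from linux-exploit-suggester. The kernel-config locations are the usual ones (/boot/config-$(uname -r), /proc/config.gz); the CONFIG_SECCOMP handling is this example's own illustration of a multi-state feature, not LES's actual table; SAMPLE_CONFIG is constructed, though the option names are real kernel options.

```shell
#!/bin/sh
# Added example, not code from linux-exploit-suggester. It shows the three-way
# result the changelog describes for '--checksec': a feature is reported as
# enabled, disabled, or 'unknown' when no kernel config can be read at all or
# the option is absent from the config that was found. The CONFIG_SECCOMP
# handling is this example's own interpretation of a multi-state feature.
# SAMPLE_CONFIG is constructed; the option names are real kernel options.

SAMPLE_CONFIG='CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y
# CONFIG_DEVKMEM is not set
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_KEXEC=m'

# Print the running kernel's config if one is readable; prints nothing otherwise.
# A missing config is the case that must map to 'unknown', not to 'disabled'.
read_kernel_config() {
  if [ -r "/boot/config-$(uname -r)" ]; then
    cat "/boot/config-$(uname -r)"
  elif [ -r /proc/config.gz ]; then
    zcat /proc/config.gz
  fi
}

# config_state CONFIG_TEXT CONFIG_OPTION -> enabled | module | disabled | unknown
config_state() {
  cfg=$1 opt=$2
  if [ -z "$cfg" ]; then
    echo unknown                       # no config at all: nothing can be determined
  elif printf '%s\n' "$cfg" | grep -q "^${opt}=y\$"; then
    echo enabled
  elif printf '%s\n' "$cfg" | grep -q "^${opt}=m\$"; then
    echo module
  elif printf '%s\n' "$cfg" | grep -q "^# ${opt} is not set\$"; then
    echo disabled
  else
    echo unknown                       # option absent: older kernel or renamed option
  fi
}

# seccomp_state CONFIG_TEXT -> filter | strict | disabled | unknown
# CONFIG_SECCOMP alone gives strict mode; CONFIG_SECCOMP_FILTER adds BPF filter mode.
seccomp_state() {
  case "$(config_state "$1" CONFIG_SECCOMP):$(config_state "$1" CONFIG_SECCOMP_FILTER)" in
    enabled:enabled) echo filter ;;
    enabled:*)       echo strict ;;
    disabled:*)      echo disabled ;;
    *)               echo unknown ;;
  esac
}

# checksec_report CONFIG_TEXT: one "OPTION: state" line per option checked here.
checksec_report() {
  for o in CONFIG_STRICT_KERNEL_RWX CONFIG_SLAB_FREELIST_RANDOM CONFIG_DEVKMEM CONFIG_KEXEC; do
    printf '%s: %s\n' "$o" "$(config_state "$1" "$o")"
  done
  printf 'CONFIG_SECCOMP: %s\n' "$(seccomp_state "$1")"
}

checksec_report "$SAMPLE_CONFIG"
checksec_report "$(read_kernel_config)"   # live system; every line is 'unknown' when no config is readable
```

Running the report against the live system on a box without /boot/config-* or /proc/config.gz yields 'unknown' for every option, which is the point: the absence of evidence must not be reported as the feature being disabled.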

o Added exploit sorting. Exploits are sorted by a dynamically calculated rank,
  so the most relevant exploits are now listed at the top of the listing.

o Added check for Linux Kernel Runtime Guard (LKRG) (#36) [bcoles]

o Added bin-url for msf cross-compiled exploits (#32) [bcoles]

o Added support for pacman packages (#30) [bcoles]

o Improved tag matching functionality

o Added support for additional distros (#29) [bcoles]

o Added following exploits:

  + added dirty_sock exploit (#41) [bcoles]

  + added s-nail-privsep exploit (#39) [bcoles]

  + added subuid_shell (CVE-2018-18955) exploit (#34) [bcoles]

  + added raptor_xorgy exploit (#35) [bcoles]

  + added vpnc_privesc.py (CVE-2018-10900) exploit (#31) [bcoles]

  + added ntfs-3g-modprobe (CVE-2017-0358) exploit (#22) [bcoles]

o Refinements for following exploits:

  + updated eBPF_verifier (CVE-2017-16995) (#28)

  + added more specific info for 'dirtycow' exploits

  + updated tags for userhelper and RDS exploits (#25) [bcoles]

  + Changed kernel-exploits.com URLs to archive.org (multiple exploits) (#24) [bcoles]

  + updated 'udev' exploit requirements (#20) [bcoles]

  + added 'src-url' for 'BadIRET' exploit

  + added alternative urls for 'af_packet' and 'NETIF_F_UFO' exploits

o Added this CHANGELOG file to the repository.