linux-exploit-suggester.sh v1.1 [2020-01-07]
o Add more reliable DISTRO version detection (based on /etc/*-release files)
o Added following exploits:
+ add SystemTap exploit (CVE-2010-4170) (#46) [bcoles]
+ add abrt/sosreport-rhel7 exploit (#48) [bcoles]
+ add Return of the WIZard (exim) (CVE-2019-10149) (#54) [bcoles]
+ Add Serv-U FTP Server exploit (CVE-2019-12181) (#58) [bcoles]
+ Add PTRACE_TRACEME (CVE-2019-13272) (#61) [bcoles]
+ Add ktsuss (CVE-2011-2921) (#62) [bcoles]
+ Add rds_atomic_free_op NULL pointer dereference (CVE-2018-5333) (#67) [bcoles]
+ Add GNU Mailutils maidag url local root (CVE-2019-18862) (#69) [bcoles]
o Added following '--checksec' mode improvements:
+ add detection for kernel.yama.ptrace_scope (#49) [bcoles]
o Rewrote README.md. Display exposure (calculated based on rank) instead of the raw numeric rank
o '--uname' mode improvement: tagging and rank calculation are now also
done when LES is run with the '--uname' switch. The uname string contains
the distro name, so the rank is bumped (+1) for each exploit that is
known to run on the given distro. The rank is also bumped (+3) when there
is a kernel version match.
o Refinements for following exploits:
+ add ntfs-3g version check: pkg=ntfs-3g,ver<2017.4 (#50) [bcoles]
+ update tested package versions for raceabrt (#47) [bcoles]
+ add udev version check pkg=udev,ver<141 (#51) [bcoles]
+ RationalLove fix: libc package is named 'libc6' on Debian/Ubuntu
+ Add nginx version check: pkg=nginx|nginx-full,ver<1.10.3 (#57) [bcoles]
+ rds_atomic_free_op exploit: update targets
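The '--uname' ranking described above, as an added example in POSIX sh that is not linux-exploit-suggester's own code: it parses the kernel release and distro name out of a constructed `uname -a` string and scores an exploit record (+1 for a distro match, +3 for a kernel version match). The record fields (a comma-separated distro list and a comma-separated list of targeted kernel version prefixes) and the helper names are assumptions for this example, useful for understanding how a host's exposure to a listed issue is ranked.

```shell
#!/bin/sh
# Added example, not LES's own code: rank an exploit record for a host the
# way the v1.1 changelog describes '--uname' mode (+1 distro match,
# +3 kernel version match). Record fields are assumptions for this example.

# Kernel version "x.y.z" from a `uname -a` string: the 3rd field is the
# release (e.g. 4.15.0-46-generic); everything after the first '-' is dropped.
les_kernel_version() {
    set -- $1                 # split the uname string on whitespace
    printf '%s\n' "${3%%-*}"
}

# Distro name, when the kernel build string embeds one (Ubuntu and Debian
# kernels do; RHEL/CentOS releases carry an .elN suffix).
les_distro() {
    case "$1" in
        *Ubuntu*)   echo ubuntu ;;
        *Debian*)   echo debian ;;
        *.el[0-9]*) echo rhel ;;
        *)          echo unknown ;;
    esac
}

# les_rank UNAME_STRING DISTROS KERNELS
#   DISTROS: comma-separated distros the exploit is known to run on
#   KERNELS: comma-separated kernel version prefixes the exploit targets
les_rank() {
    rank=0
    d=$(les_distro "$1")
    k=$(les_kernel_version "$1")
    # +1: the host's distro is in the exploit's known-working list
    case ",$2," in *",$d,"*) rank=$((rank + 1)) ;; esac
    # +3: the running kernel matches one of the targeted versions
    # (the trailing '.' keeps a "4.1" prefix from matching 4.15.0)
    old_ifs=$IFS; IFS=,
    for ver in $3; do
        case "$k." in "$ver."*) rank=$((rank + 3)); break ;; esac
    done
    IFS=$old_ifs
    echo "$rank"
}

# Constructed sample host and an exploit tagged for ubuntu/debian on 4.15 or 4.4
SAMPLE_UNAME='Linux host 4.15.0-46-generic #49~16.04.1-Ubuntu SMP Tue Feb 12 10:00:00 UTC 2019 x86_64 GNU/Linux'
echo "rank: $(les_rank "$SAMPLE_UNAME" 'ubuntu,debian' '4.15,4.4')"   # rank: 4
```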
linux-exploit-suggester.sh v1.0 [2019-03-01]
o Added additional 'Tags' for multiple exploits based on:
+ verifications conducted by bcoles and his notes at: https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/local
+ https://github.com/lucyoa/kernel-exploits
o Added following '--checksec' mode improvements:
+ added checks for all exploitation prevention features recommended by the
KSPP Project (http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings)
+ handling of the situation when no kernel config is present on the checked system (the state is set to 'unknown'
when the existence/enablement of the feature can't be determined)
+ support for features that have more than two possible states (e.g. CONFIG_SECCOMP)
o Added exploit sorting functionality. Sorting is done by a dynamically calculated rank,
so the most relevant exploits are now listed at the top of the listing.
o Added check for Linux Kernel Runtime Guard (LKRG) (#36) [bcoles]
o Added bin-url for msf cross-compiled exploits (#32) [bcoles]
o Added support for pacman packages (#30) [bcoles]
o Improved tag matching functionality
o Added support for additional distros (#29) [bcoles]
o Added following exploits:
+ added dirty_sock exploit (#41) [bcoles]
+ added s-nail-privsep exploit (#39) [bcoles]
+ added subuid_shell (CVE-2018-18955) exploit (#34) [bcoles]
+ added raptor_xorgy exploit (#35) [bcoles]
+ added vpnc_privesc.py (CVE-2018-10900) exploit (#31) [bcoles]
+ added ntfs-3g-modprobe (CVE-2017-0358) exploit (#22) [bcoles]
o Refinements for following exploits:
+ update eBPF_verifier (CVE-2017-16995) (#28)
+ added more specific info for 'dirtycow' exploits
+ updated tags for userhelper and RDS exploits (#25) [bcoles]
+ Changed kernel-exploits.com URLs to archive.org (multiple exploits) (#24) [bcoles]
+ updated 'udev' exploit requirements (#20) [bcoles]
+ added 'src-url' for 'BadIRET' exploit
+ added alternative urls for 'af_packet' and 'NETIF_F_UFO' exploits
o Added this CHANGELOG file to the repository.