linux-exploit-suggester.sh v1.1 [2020-01-07]
o Add more reliable DISTRO version detection (based on /etc/*-release files)
o Added following exploits:
+ add SystemTap exploit (CVE-2010-4170) (#46) [bcoles]
+ add abrt/sosreport-rhel7 exploit (#48) [bcoles]
+ add Return of the WIZard (exim) (CVE-2019-10149) (#54) [bcoles]
+ Add Serv-U FTP Server exploit (CVE-2019-12181) (#58) [bcoles]
+ Add PTRACE_TRACEME (CVE-2019-13272) (#61) [bcoles]
+ Add ktsuss (CVE-2011-2921) (#62) [bcoles]
+ Add rds_atomic_free_op NULL pointer dereference (CVE-2018-5333) (#67) [bcoles]
+ Add GNU Mailutils maidag url local root (CVE-2019-18862) (#69) [bcoles]
o Added following '--checksec' mode improvements:
+ add detection for kernel.yama.ptrace_scope (#49) [bcoles]
o Rewritten README.md. Displaying exposure (calculated based on rank) instead of raw numeric rank
o '--uname' mode improvement: do tagging and rank calculation also
when LES is run with the '--uname' switch. The uname string contains the
distro name, so the rank is bumped (+1) for each exploit that is
known to run on the given distro. The rank is also bumped (+3) when
the kernel version matches.
o Refinements for following exploits:
+ add ntfs-3g version check: pkg=ntfs-3g,ver<2017.4 (#50) [bcoles]
+ update tested package versions for raceabrt (#47) [bcoles]
+ add udev version check pkg=udev,ver<141 (#51) [bcoles]
+ RationalLove fix: libc package is named 'libc6' on Debian/Ubuntu
+ Add nginx version check: pkg=nginx|nginx-full,ver<1.10.3 (#57) [bcoles]
+ rds_atomic_free_op exploit: update targets
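The two mechanisms described in this release, the '--uname' rank bump (+1 distro match, +3 kernel version match) and the 'pkg=NAME,ver<MAX' package version checks, re-created as an added POSIX shell example. This is illustrative code, not linux-exploit-suggester.sh itself: the "name|kmin|kmax|distros" record format, the inclusive kernel range, the distro keyword list, the demo_* records and the installed-package lines are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not linux-exploit-suggester.sh code): re-creates two ideas
# from the changelog, ranking exploit records against a uname string and
# evaluating "pkg=NAME,ver<MAX" requirements. All sample data is constructed.

# Constructed sample `uname -a` output and "name version" package lines.
UNAME_SAMPLE="Linux host 4.4.0-116-generic #140-Ubuntu SMP x86_64 GNU/Linux"
INSTALLED_SAMPLE='ntfs-3g 1:2016.2.22AR.1-3
nginx-full 1.10.3-0ubuntu0.16.04.4
udev 229-4ubuntu21'

# Compare two dotted numeric versions component by component; prints -1, 0
# or 1. A missing component counts as 0, so 4.4 equals 4.4.0.
ver_cmp() {
    local a="$1" b="$2" x y
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo -1; return; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo 1; return; fi
    done
    echo 0
}

# Pull "major.minor.patch" and a known distro keyword out of a uname string.
kernel_from_uname() { echo "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n1; }
distro_from_uname() {
    echo "$1" | grep -oiE 'ubuntu|debian|fedora|centos|suse|arch' | head -n1 | tr 'A-Z' 'a-z'
}

# Rank one record "name|kmin|kmax|distro1,distro2,..." (format assumed here):
# +3 when the running kernel lies inside [kmin, kmax], +1 when the distro
# named in uname is one the record is tagged for.
rank_exploit() {
    local uname_str="$1" rest="$2" kmin kmax distros kver distro rank=0
    rest=${rest#*|}; kmin=${rest%%|*}
    rest=${rest#*|}; kmax=${rest%%|*}
    distros=${rest#*|}
    kver=$(kernel_from_uname "$uname_str")
    distro=$(distro_from_uname "$uname_str")
    if [ -n "$kver" ] &&
       [ "$(ver_cmp "$kver" "$kmin")" -ge 0 ] &&
       [ "$(ver_cmp "$kver" "$kmax")" -le 0 ]; then
        rank=$((rank + 3))
    fi
    if [ -n "$distro" ]; then
        case ",$distros," in *",$distro,"*) rank=$((rank + 1)) ;; esac
    fi
    echo "$rank"
}

# Rank every record and list them most relevant first.
rank_all() {
    local uname_str="$1" rec
    shift
    for rec in "$@"; do
        printf '%s %s\n' "$(rank_exploit "$uname_str" "$rec")" "${rec%%|*}"
    done | sort -rn
}

# Evaluate "pkg=NAME[|ALT...],ver<MAX" against "name version" lines on stdin.
# Prints 1 if a listed package is installed below MAX, else 0. The Debian
# epoch ("1:") and anything after the numeric part are ignored.
pkg_matches_spec() {
    local spec="$1" names maxver name ver base
    names=${spec#pkg=}; names=${names%%,*}
    maxver=${spec##*ver<}
    while read -r name ver; do
        case "|$names|" in
            *"|$name|"*)
                base=$(echo "${ver#*:}" | grep -oE '^[0-9]+(\.[0-9]+)*' || true)
                if [ -n "$base" ] && [ "$(ver_cmp "$base" "$maxver")" -lt 0 ]; then
                    echo 1; return
                fi ;;
        esac
    done
    echo 0
}

# Demo run: sorted listing, then one package requirement check.
rank_all "$UNAME_SAMPLE" \
    "demo_a|4.10|5.1.16|ubuntu,debian" \
    "demo_b|4.4.0|4.4.1|ubuntu" \
    "demo_c|4.4.0|4.14.13|fedora"
printf '%s\n' "$INSTALLED_SAMPLE" | pkg_matches_spec 'pkg=ntfs-3g,ver<2017.4'
```

With the sample uname (kernel 4.4.0, Ubuntu), demo_b scores 4 (in range and distro match), demo_c 3 (in range only) and demo_a 1 (distro only), which is the ordering the sorted listing produces. The package check strips the epoch and any packaging suffix before comparing, so '1:2016.2.22AR.1-3' is treated as 2016.2.22 and satisfies 'ver<2017.4', while nginx-full at exactly 1.10.3 does not satisfy 'ver<1.10.3'.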
linux-exploit-suggester.sh v1.0 [2019-03-01]
o Added additional 'Tags' for multiple exploits based on:
+ verifications conducted by bcoles and his notes at: https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/local
+ https://github.com/lucyoa/kernel-exploits
o Added following '--checksec' mode improvements:
+ added checks for all exploitation prevention features recommended by
KSPP Project (http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings)
+ handling situation when no kernel config is present on checked system (putting state 'unknown'
when existence/enablement of the feature can't be determined)
+ support for features that have more than two possible states (e.g. CONFIG_SECCOMP)
o Sorting exploits functionality added. Sorting is done by dynamically calculated rank.
Now the most relevant exploits are listed at the top of the listing.
o Added check for Linux Kernel Runtime Guard (LKRG) (#36) [bcoles]
o Added bin-url for msf cross-compiled exploits (#32) [bcoles]
o Added support for pacman packages (#30) [bcoles]
o Improved 'tag matching functionality'
o Added support for additional distros (#29) [bcoles]
o Added following exploits:
+ added dirty_sock exploit (#41) [bcoles]
+ added s-nail-privsep exploit (#39) [bcoles]
+ added subuid_shell (CVE-2018-18955) exploit (#34) [bcoles]
+ added raptor_xorgy exploit (#35) [bcoles]
+ added vpnc_privesc.py (CVE-2018-10900) exploit (#31) [bcoles]
+ added ntfs-3g-modprobe (CVE-2017-0358) exploit (#22) [bcoles]
o Refinements for following exploits:
+ update eBPF_verifier (CVE-2017-16995) (#28)
+ added more specific info for 'dirtycow' exploits
+ updated tags for userhelper and RDS exploits (#25) [bcoles]
+ Changed kernel-exploits.com URLs to archive.org (multiple exploits) (#24) [bcoles]
+ updated 'udev' exploit requirements (#20) [bcoles]
+ added 'src-url' for 'BadIRET' exploit
+ added alternative urls for 'af_packet' and 'NETIF_F_UFO' exploits
o Added this CHANGELOG file to the repository.