mirror of https://gitee.com/openkylin/genmai.git
增加CVE-2024-3094 poc
parent
0e8574763e
commit
6fbee44301
|
@ -0,0 +1,47 @@
|
|||
#!/bin/bash
|
||||
|
||||
# script to detect CVE-2024-3094
|
||||
|
||||
# original script:
|
||||
# https://www.openwall.com/lists/oss-security/2024/03/29/4
|
||||
|
||||
# modified (fixed and features added) by cyclone
|
||||
# https://github.com/cyclone-github/scripts/blob/main/xz_cve-2024-3094-detect.sh
|
||||
|
||||
# tested on debian
|
||||
|
||||
# https://nvd.nist.gov/vuln/detail/CVE-2024-3094
|
||||
# https://github.com/advisories/GHSA-rxwq-x6h5-x525
|
||||
|
||||
# v1.0.0; 2024-03-29
|
||||
|
||||
#set -eu
|
||||
|
||||
#clear
|
||||
|
||||
#echo "Checking system for CVE-2024-3094 Vulnerability..."
|
||||
#echo "https://nvd.nist.gov/vuln/detail/CVE-2024-3094"
|
||||
|
||||
# find path to liblzma used by sshd
|
||||
# adapted from https://www.openwall.com/lists/oss-security/2024/03/29/4
|
||||
sshd_path=$(whereis -b sshd | awk '{print $2}')
|
||||
path=$(ldd "$sshd_path" 2>/dev/null | grep liblzma | awk '{print $3}' | head -n 1)
|
||||
|
||||
if [ -z "$path" ]; then
|
||||
#echo
|
||||
#echo "Probably not vulnerable (liblzma not found)"
|
||||
echo fail
|
||||
exit
|
||||
fi
|
||||
|
||||
# check for function signature
|
||||
# adapted from https://www.openwall.com/lists/oss-security/2024/03/29/4
|
||||
#echo
|
||||
#echo "Checking for function signature in liblzma..."
|
||||
if hexdump -ve '1/1 "%.2x"' "$path" | grep -q 'f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410'; then
|
||||
#echo "Function signature in liblzma: VULNERABLE"
|
||||
echo successfully
|
||||
else
|
||||
#echo "Function signature in liblzma: OK"
|
||||
echo fail
|
||||
fi
|
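Review bot: The script prints `fail` both when the signature is absent and when the check never ran (no `hexdump` on the host, `whereis` finding no sshd, or `ldd` failing with its stderr discarded), so an uninspected host is reported the same as a clean one. The YAML wrapper matches only `successfully`, which makes every such error a silent negative. I would add `command -v hexdump >/dev/null 2>&1 || { echo "error: hexdump not found" >&2; exit 2; }` ahead of the signature test, and give the empty-`$path` branch its own message rather than `fail`. The byte pattern covers only the build analysed in the cited oss-security post, so a package-version check against the 5.6.0–5.6.1 range would be a useful second signal. Whether the harness can consume a third outcome is not visible on this page.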
|
@ -0,0 +1,47 @@
|
|||
FormatVer: 20240330
|
||||
Id: CVE-2024-3094
|
||||
Author: liwenjie@kylinos.cn
|
||||
Belong: system
|
||||
Package: xz-utils
|
||||
BugID:
|
||||
PocHazardLevel: low
|
||||
Source:
|
||||
SiteInfo:
|
||||
Name: liblzma/xz官方库被植入后门漏洞
|
||||
Severity: high
|
||||
Description:
|
||||
xz-utils软件包5.6.0到5.6.1版本中,存在被供应链攻击并植入后门风险(https://www.openwall.com/lists/oss-security/2024/03/29/4)。该后门可能会允许恶意行为者破坏sshd身份验证,从而允许对整个系统进行远程未经授权的访问。
|
||||
ScopeOfInfluence:
|
||||
5.6.0<=xz-utils<=5.6.1
|
||||
References:
|
||||
-
|
||||
SiteClassification:
|
||||
CvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
CvssScore: 10
|
||||
CveId: None
|
||||
CweId: None
|
||||
CnvdId: None
|
||||
KveId: CVE-2024-3094
|
||||
Tags:
|
||||
- 后门
|
||||
SiteRequests:
|
||||
Implement:
|
||||
ImArray:
|
||||
- inter : bash
|
||||
InterArgs :
|
||||
Exec : CVE-2024-3094.sh
|
||||
ExpireTime: 35 #second
|
||||
|
||||
# < input
|
||||
# > output
|
||||
# . wait
|
||||
# ? condition
|
||||
# : content
|
||||
#
|
||||
#组合起来
|
||||
# >. 等待直到输出
|
||||
# << 输入字符
|
||||
# >?判断条件
|
||||
Inter:
|
||||
- ">?:successfully" #ture
|
||||
Condition: None
|
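Review bot: The identifier fields under `SiteClassification` look swapped: `CveId: None` sits next to `KveId: CVE-2024-3094`, so anything that indexes or de-duplicates entries by `CveId` will miss this one. Assuming `KveId` is meant for a Kylin-specific id, I would set `CveId: CVE-2024-3094` and leave `KveId: None` until such an id exists. `References:` holds only an empty `-` item and `Source:` is blank, although the script already cites the oss-security post, the NVD entry and GHSA-rxwq-x6h5-x525; listing them here keeps the provenance with the metadata. `CweId` could carry CWE-506 (embedded malicious code), which NVD lists for this CVE, and the trailing comment `#ture` should read `#true`.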
|
@ -33,3 +33,5 @@ ExplorerItems:
|
|||
- ConfigFile: CVE-2023-0054/CVE-2023-0054.yaml
|
||||
- ConfigFile: CVE-2023-0051/CVE-2023-0051.yaml
|
||||
- ConfigFile: CVE-2023-0288/CVE-2023-0288.yaml
|
||||
#
|
||||
- ConfigFile: CVE-2024-3094/CVE-2024-3094.yaml
|
||||
|
|