mirror of https://gitee.com/openkylin/genmai.git
add CVE-2022-3602
parent
46d3c83ef0
commit
99dd807773
|
@ -636,8 +636,11 @@ int main(void)
|
|||
size_t early_len;
|
||||
ret = SSL_read_early_data(server, early_buf, sizeof(early_buf), &early_len);
|
||||
|
||||
if (ret != SSL_READ_EARLY_DATA_SUCCESS)
|
||||
if (ret != SSL_READ_EARLY_DATA_SUCCESS){
|
||||
break;
|
||||
}else{
|
||||
printf("success")
|
||||
}
|
||||
} while (1);
|
||||
}
|
||||
|
||||
|
|
|
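Review bot: The added `printf("success")` in the `else` branch has no terminating semicolon as rendered here, so the file would not compile; it should read `printf("success\n");`. The call sits inside the `do … while (1)` loop, so it prints once per successful `SSL_read_early_data` chunk. Without a newline or an `fflush(stdout)` the marker can stay buffered if the process dies before a normal exit, which matters if the harness decides the result by matching `success` in the output. `main` starts and ends outside this hunk.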
@ -46,5 +46,5 @@ SiteRequests:
|
|||
# >?判断条件
|
||||
# ??判断程序错误码 eg. "??:0"
|
||||
Inter:
|
||||
- "??:0"
|
||||
- ">?:success"
|
||||
Condition: None
|
||||
|
|
|
@ -0,0 +1,105 @@
|
|||
import socket
|
||||
import ssl
|
||||
import sys
|
||||
import warnings
|
||||
import enum
|
||||
import argparse
|
||||
import ipaddress
|
||||
|
||||
warnings.filterwarnings("ignore", category=DeprecationWarning)
|
||||
|
||||
|
||||
TIMEOUT = 0.2
|
||||
|
||||
|
||||
class OpSll(enum.Enum):
|
||||
Error = -1
|
||||
Cert_not_required = 0
|
||||
Cert_required = 1
|
||||
|
||||
def fileload(filename):
|
||||
# This get input from text file and converts to list
|
||||
f= open(filename, "r")
|
||||
content=f.read()
|
||||
f.close()
|
||||
content=content.split("\n")
|
||||
while("" in content):
|
||||
content.remove("")
|
||||
return content
|
||||
|
||||
def Server_Connection_Status(host, port):
|
||||
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
client.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
||||
client = ssl.wrap_socket(client)
|
||||
|
||||
try:
|
||||
client.connect((host, port))
|
||||
except Exception as e:
|
||||
print(e)
|
||||
return OpSll.Error
|
||||
|
||||
client.settimeout(TIMEOUT)
|
||||
try:
|
||||
client.read(1)
|
||||
|
||||
except ssl.SSLError as err:
|
||||
if "CERTIFICATE_REQUIRED" in str(err):
|
||||
return OpSll.Cert_required
|
||||
except TimeoutError:
|
||||
return OpSll.Cert_not_required
|
||||
|
||||
except Exception as e:
|
||||
return OpSll.Error
|
||||
|
||||
return OpSll.Cert_not_required
|
||||
|
||||
|
||||
def reporting(host, port, status):
|
||||
print('[*] Host information: {0}:{1}'.format(host,port))
|
||||
if OpSll.Cert_not_required == status:
|
||||
print('[+] Status: {0}'.format('Not Vulnerable'))
|
||||
print('[+] Reason: {0}'.format('Client certificate not required!'))
|
||||
|
||||
if OpSll.Cert_required == status:
|
||||
print('[+] Status: {0}'.format('Vulnerable'))
|
||||
print('[+] Reason: {0}'.format('Client certificate is required!'))
|
||||
|
||||
if OpSll.Error == status:
|
||||
print('[-] Status: {0}'.format('Unable to connect'))
|
||||
print('[-] Reason: {0}'.format('Either Host is down or crashed!'))
|
||||
|
||||
|
||||
|
||||
# adding argparse modules
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument("-t","--target", help="Single IP with port separate by colon. Example: -t 192.168.0.3:3000",type=str)
|
||||
parser.add_argument("-T","--targets", help="List of IP and port separate by colon ssin text file",type=str)
|
||||
args = parser.parse_args()
|
||||
if len(sys.argv) < 2:
|
||||
parser.print_help()
|
||||
sys.exit(1)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
print('[!] CVE: CVE-2022-3602, CVE-2022-3786')
|
||||
print('[!] This script will detect whether openssl \n[!] server is vulnerable or not based on')
|
||||
print('[!] whether certificated is required by server or not\n')
|
||||
|
||||
info=dict()
|
||||
|
||||
if args.target:
|
||||
ip_list=[args.target]
|
||||
|
||||
if args.targets:
|
||||
ip_list=fileload(args.targets)
|
||||
|
||||
if len(ip_list)==0:
|
||||
print("Required argument:\n-t or -T Single Ip/file with ip list")
|
||||
sys.exit(1)
|
||||
|
||||
for host in ip_list:
|
||||
host=host.split(":")
|
||||
res = Server_Connection_Status(host[0],int(host[1]))
|
||||
reporting(host[0],int(host[1]), res)
|
||||
print('\n')
|
||||
|
|
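Review bot: `reporting()` prints `Vulnerable` for any server that answers with a `CERTIFICATE_REQUIRED` alert, which shows only that client-certificate authentication is enforced, not that the peer runs an affected OpenSSL 3.0.x build; a patched or non-OpenSSL server using mutual TLS would be reported the same way. In `Server_Connection_Status`, an `ssl.SSLError` without that string falls out of the handler and reaches the final `return OpSll.Cert_not_required`, so unrelated TLS failures are reported as `Not Vulnerable`; add `return OpSll.Error` after the `if`. `ssl.wrap_socket` was removed in Python 3.12 and the socket is never closed, so an `ssl.SSLContext` with the wrapped socket in a `with` block would fix both. On interpreters older than 3.10 `socket.timeout` is not `TimeoutError`, so the timeout path lands in `except Exception` and returns `OpSll.Error`; `except socket.timeout:` works on both.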
@ -0,0 +1,44 @@
|
|||
FormatVer: 20230308
|
||||
Id: CVE-2022-3602
|
||||
Belong: system
|
||||
PocHazardLevel: low
|
||||
Source: https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786
|
||||
SiteInfo:
|
||||
Name: Openssl是一个功能极其强大的命令行工具,可以用来完成公钥体系及HTTPS相关的很多任务。
|
||||
Severity: Medium
|
||||
Description:
|
||||
Openssl 3.0.x版本在X.509证书验证过程中存在4个字节的邮箱地址缓存溢出问题,可能导致内存损坏,攻击者可能能够在执行计算的计算机上触发远程代码执行。
|
||||
ScopeOfInfluence:
|
||||
Openssl 3.0.0
|
||||
Openssl 3.0.1
|
||||
Openssl 3.0.2
|
||||
Openssl 3.0.3
|
||||
Openssl 3.0.4
|
||||
Openssl 3.0.5
|
||||
Openssl 3.0.6
|
||||
References:
|
||||
- https://nvd.nist.gov/vuln/detail/cve-2022-3602
|
||||
SiteClassification:
|
||||
CvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
CvssScore: 7.5
|
||||
CveId: CVE-2022-3602
|
||||
CweId: CWE-120
|
||||
CnvdId: None
|
||||
KveId: None
|
||||
Tags:
|
||||
- 远程代码执行
|
||||
- 缓存溢出
|
||||
- 拒绝服务
|
||||
SiteRequests:
|
||||
Implement:
|
||||
ImArray:
|
||||
- Inter : python3
|
||||
InterArgs :
|
||||
Exec : CVE-2022-3602.py
|
||||
Args :
|
||||
- -t
|
||||
- 127.0.0.1:3000
|
||||
ExpireTime: 15
|
||||
Inter:
|
||||
- ">?:Vulnerable"
|
||||
Condition: None
|
|
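Review bot: The check `">?:Vulnerable"` is ambiguous against the script's output, because the negative result prints `Status: Not Vulnerable`, which contains the same word. If `>?` is a substring match (the matcher is not visible here), both outcomes satisfy it. Matching the full phrase, e.g. `">?:Status: Vulnerable"`, separates them. Separately, `Severity: Medium` disagrees with `CvssScore: 7.5`, which is High on the CVSS v3.1 scale, and the `远程代码执行` (remote code execution) tag disagrees with the listed vector's `C:N/I:N/A:H`.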
@ -0,0 +1,2 @@
|
|||
se tw=0 stl:%!%0
|
||||
sil0norm0q/
|
|
@ -46,5 +46,6 @@ SiteRequests:
|
|||
# >?判断条件
|
||||
# ??判断程序错误码 eg. "??:0"
|
||||
Inter:
|
||||
- "??:0"
|
||||
- ">>:whoami"
|
||||
- ">?:root"
|
||||
Condition: None
|
||||
|
|
|
@ -1,31 +1,32 @@
|
|||
ConfigFilePrefix: ../data/SystemPocs/
|
||||
Type: system
|
||||
ExplorerItems:
|
||||
# - ConfigFile: KVE-2022-0206/KVE-2022-0206.yaml
|
||||
# - ConfigFile: KVE-2022-0231/KVE-2022-0231.yaml
|
||||
# - ConfigFile: KVE-2022-0210/KVE-2022-0210.yaml
|
||||
# - ConfigFile: KVE-2022-0207/KVE-2022-0207.yaml
|
||||
# - ConfigFile: KVE-2022-0205/KVE-2022-0205.yaml
|
||||
# - ConfigFile: CVE-2022-1292/CVE-2022-1292.yaml
|
||||
# - ConfigFile: CVE-2021-44142/CVE-2021-44142.yaml
|
||||
# - ConfigFile: CVE-2021-3560/CVE-2021-3560.yaml
|
||||
# - ConfigFile: CVE-2021-4034/CVE-2021-4034.yaml
|
||||
# - ConfigFile: CVE-2021-3156/CVE-2021-3156.yaml
|
||||
# - ConfigFile: CVE-2022-0351/CVE-2022-0351.yaml
|
||||
# # - ConfigFile: CVE-2023-25136/CVE-2023-25136.yaml //开发完新字段后才能使用
|
||||
# # - ConfigFile: CVE-2023-22809/CVE-2023-22809.yaml //开发完新字段后才能使用
|
||||
# - ConfigFile: CVE-2022-0543/CVE-2022-0543.yaml
|
||||
# - ConfigFile: CVE-2021-41773/CVE-2021-41773.yaml
|
||||
# - ConfigFile: CVE-2022-0417/CVE-2022-0417.yaml
|
||||
# - ConfigFile: CVE-2022-0359/CVE-2022-0359.yaml
|
||||
# - ConfigFile: CVE-2022-0413/CVE-2022-0413.yaml
|
||||
# - ConfigFile: CVE-2022-0572/CVE-2022-0572.yaml
|
||||
# # - ConfigFile: CVE-2022-0629/CVE-2022-0629.yaml //远程模块交互不能执行,后续尝试解决该问题
|
||||
# - ConfigFile: CVE-2022-0685/CVE-2022-0685.yaml
|
||||
# - ConfigFile: CVE-2022-0714/CVE-2022-0714.yaml
|
||||
# - ConfigFile: CVE-2022-0729/CVE-2022-0729.yaml
|
||||
# - ConfigFile: CVE-2022-1771/CVE-2022-1771.yaml
|
||||
# - ConfigFile: CVE-2022-2598/CVE-2022-2598.yaml
|
||||
# # - ConfigFile: CVE-2022-2274/CVE-2022-2274.yaml //需要CPU-AVX512IFMA才能认证
|
||||
# - ConfigFile: CVE-2019-7304/CVE-2019-7304.yaml
|
||||
- ConfigFile: CVE-2019-18634/CVE-2019-18634.yaml
|
||||
- ConfigFile: KVE-2022-0206/KVE-2022-0206.yaml
|
||||
- ConfigFile: KVE-2022-0231/KVE-2022-0231.yaml
|
||||
- ConfigFile: KVE-2022-0210/KVE-2022-0210.yaml
|
||||
- ConfigFile: KVE-2022-0207/KVE-2022-0207.yaml
|
||||
- ConfigFile: KVE-2022-0205/KVE-2022-0205.yaml
|
||||
- ConfigFile: CVE-2022-1292/CVE-2022-1292.yaml
|
||||
- ConfigFile: CVE-2021-44142/CVE-2021-44142.yaml
|
||||
- ConfigFile: CVE-2021-3560/CVE-2021-3560.yaml
|
||||
- ConfigFile: CVE-2021-4034/CVE-2021-4034.yaml
|
||||
- ConfigFile: CVE-2021-3156/CVE-2021-3156.yaml
|
||||
- ConfigFile: CVE-2022-0351/CVE-2022-0351.yaml
|
||||
# - ConfigFile: CVE-2023-25136/CVE-2023-25136.yaml //开发完新字段后才能使用
|
||||
# - ConfigFile: CVE-2023-22809/CVE-2023-22809.yaml //开发完新字段后才能使用
|
||||
- ConfigFile: CVE-2022-0543/CVE-2022-0543.yaml
|
||||
- ConfigFile: CVE-2021-41773/CVE-2021-41773.yaml
|
||||
- ConfigFile: CVE-2022-0417/CVE-2022-0417.yaml
|
||||
- ConfigFile: CVE-2022-0359/CVE-2022-0359.yaml
|
||||
- ConfigFile: CVE-2022-0413/CVE-2022-0413.yaml
|
||||
- ConfigFile: CVE-2022-0572/CVE-2022-0572.yaml
|
||||
# - ConfigFile: CVE-2022-0629/CVE-2022-0629.yaml //远程模块交互不能执行,后续尝试解决该问题
|
||||
- ConfigFile: CVE-2022-0685/CVE-2022-0685.yaml
|
||||
- ConfigFile: CVE-2022-0714/CVE-2022-0714.yaml
|
||||
- ConfigFile: CVE-2022-0729/CVE-2022-0729.yaml
|
||||
- ConfigFile: CVE-2022-1771/CVE-2022-1771.yaml
|
||||
- ConfigFile: CVE-2022-2598/CVE-2022-2598.yaml
|
||||
# - ConfigFile: CVE-2022-2274/CVE-2022-2274.yaml //需要CPU-AVX512IFMA才能认证
|
||||
- ConfigFile: CVE-2019-7304/CVE-2019-7304.yaml
|
||||
- ConfigFile: CVE-2019-18634/CVE-2019-18634.yaml
|
||||
- ConfigFile: CVE-2022-3602/CVE-2022-3602.yaml
|
|
@ -3,4 +3,5 @@ requests==2.28.1
|
|||
dbus-python==1.2.16
|
||||
simplejson==3.16.0
|
||||
redis==4.5.1
|
||||
paramiko==2.6.0
|
||||
paramiko==2.6.0
|
||||
pwn==1.0
|
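Review bot: `pwn==1.0` is added, but nothing visible in this commit imports it; the new detection script uses only standard-library modules. As far as I know the PyPI `pwn` distribution is only an alias that pulls in pwntools, so this pin would not fix the version of the code that actually gets installed. If a PoC outside this view needs pwntools, pin `pwntools` itself to an explicit version; otherwise drop the line.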