mirror of https://gitee.com/openkylin/genmai.git
add CVE-2022-3602
This commit is contained in:
parent
46d3c83ef0
commit
99dd807773
|
@ -636,8 +636,11 @@ int main(void)
|
||||||
size_t early_len;
|
size_t early_len;
|
||||||
ret = SSL_read_early_data(server, early_buf, sizeof(early_buf), &early_len);
|
ret = SSL_read_early_data(server, early_buf, sizeof(early_buf), &early_len);
|
||||||
|
|
||||||
if (ret != SSL_READ_EARLY_DATA_SUCCESS)
|
if (ret != SSL_READ_EARLY_DATA_SUCCESS){
|
||||||
break;
|
break;
|
||||||
|
}else{
|
||||||
|
printf("success")
|
||||||
|
}
|
||||||
} while (1);
|
} while (1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -46,5 +46,5 @@ SiteRequests:
|
||||||
# >?判断条件
|
# >?判断条件
|
||||||
# ??判断程序错误码 eg. "??:0"
|
# ??判断程序错误码 eg. "??:0"
|
||||||
Inter:
|
Inter:
|
||||||
- "??:0"
|
- ">?:success"
|
||||||
Condition: None
|
Condition: None
|
||||||
|
|
|
@ -0,0 +1,105 @@
|
||||||
|
import socket
|
||||||
|
import ssl
|
||||||
|
import sys
|
||||||
|
import warnings
|
||||||
|
import enum
|
||||||
|
import argparse
|
||||||
|
import ipaddress
|
||||||
|
|
||||||
|
warnings.filterwarnings("ignore", category=DeprecationWarning)
|
||||||
|
|
||||||
|
|
||||||
|
TIMEOUT = 0.2
|
||||||
|
|
||||||
|
|
||||||
|
class OpSll(enum.Enum):
|
||||||
|
Error = -1
|
||||||
|
Cert_not_required = 0
|
||||||
|
Cert_required = 1
|
||||||
|
|
||||||
|
def fileload(filename):
|
||||||
|
# This get input from text file and converts to list
|
||||||
|
f= open(filename, "r")
|
||||||
|
content=f.read()
|
||||||
|
f.close()
|
||||||
|
content=content.split("\n")
|
||||||
|
while("" in content):
|
||||||
|
content.remove("")
|
||||||
|
return content
|
||||||
|
|
||||||
|
def Server_Connection_Status(host, port):
|
||||||
|
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||||
|
client.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
||||||
|
client = ssl.wrap_socket(client)
|
||||||
|
|
||||||
|
try:
|
||||||
|
client.connect((host, port))
|
||||||
|
except Exception as e:
|
||||||
|
print(e)
|
||||||
|
return OpSll.Error
|
||||||
|
|
||||||
|
client.settimeout(TIMEOUT)
|
||||||
|
try:
|
||||||
|
client.read(1)
|
||||||
|
|
||||||
|
except ssl.SSLError as err:
|
||||||
|
if "CERTIFICATE_REQUIRED" in str(err):
|
||||||
|
return OpSll.Cert_required
|
||||||
|
except TimeoutError:
|
||||||
|
return OpSll.Cert_not_required
|
||||||
|
|
||||||
|
except Exception as e:
|
||||||
|
return OpSll.Error
|
||||||
|
|
||||||
|
return OpSll.Cert_not_required
|
||||||
|
|
||||||
|
|
||||||
|
def reporting(host, port, status):
|
||||||
|
print('[*] Host information: {0}:{1}'.format(host,port))
|
||||||
|
if OpSll.Cert_not_required == status:
|
||||||
|
print('[+] Status: {0}'.format('Not Vulnerable'))
|
||||||
|
print('[+] Reason: {0}'.format('Client certificate not required!'))
|
||||||
|
|
||||||
|
if OpSll.Cert_required == status:
|
||||||
|
print('[+] Status: {0}'.format('Vulnerable'))
|
||||||
|
print('[+] Reason: {0}'.format('Client certificate is required!'))
|
||||||
|
|
||||||
|
if OpSll.Error == status:
|
||||||
|
print('[-] Status: {0}'.format('Unable to connect'))
|
||||||
|
print('[-] Reason: {0}'.format('Either Host is down or crashed!'))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# adding argparse modules
|
||||||
|
parser = argparse.ArgumentParser()
|
||||||
|
parser.add_argument("-t","--target", help="Single IP with port separate by colon. Example: -t 192.168.0.3:3000",type=str)
|
||||||
|
parser.add_argument("-T","--targets", help="List of IP and port separate by colon ssin text file",type=str)
|
||||||
|
args = parser.parse_args()
|
||||||
|
if len(sys.argv) < 2:
|
||||||
|
parser.print_help()
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
print('[!] CVE: CVE-2022-3602, CVE-2022-3786')
|
||||||
|
print('[!] This script will detect whether openssl \n[!] server is vulnerable or not based on')
|
||||||
|
print('[!] whether certificated is required by server or not\n')
|
||||||
|
|
||||||
|
info=dict()
|
||||||
|
|
||||||
|
if args.target:
|
||||||
|
ip_list=[args.target]
|
||||||
|
|
||||||
|
if args.targets:
|
||||||
|
ip_list=fileload(args.targets)
|
||||||
|
|
||||||
|
if len(ip_list)==0:
|
||||||
|
print("Required argument:\n-t or -T Single Ip/file with ip list")
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
for host in ip_list:
|
||||||
|
host=host.split(":")
|
||||||
|
res = Server_Connection_Status(host[0],int(host[1]))
|
||||||
|
reporting(host[0],int(host[1]), res)
|
||||||
|
print('\n')
|
||||||
|
|
|
@ -0,0 +1,44 @@
|
||||||
|
FormatVer: 20230308
|
||||||
|
Id: CVE-2022-3602
|
||||||
|
Belong: system
|
||||||
|
PocHazardLevel: low
|
||||||
|
Source: https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786
|
||||||
|
SiteInfo:
|
||||||
|
Name: Openssl是一个功能极其强大的命令行工具,可以用来完成公钥体系及HTTPS相关的很多任务。
|
||||||
|
Severity: Medium
|
||||||
|
Description:
|
||||||
|
Openssl 3.0.x版本在X.509证书验证过程中存在4个字节的邮箱地址缓存溢出问题,可能导致内存损坏,攻击者可能能够在执行计算的计算机上触发远程代码执行。
|
||||||
|
ScopeOfInfluence:
|
||||||
|
Openssl 3.0.0
|
||||||
|
Openssl 3.0.1
|
||||||
|
Openssl 3.0.2
|
||||||
|
Openssl 3.0.3
|
||||||
|
Openssl 3.0.4
|
||||||
|
Openssl 3.0.5
|
||||||
|
Openssl 3.0.6
|
||||||
|
References:
|
||||||
|
- https://nvd.nist.gov/vuln/detail/cve-2022-3602
|
||||||
|
SiteClassification:
|
||||||
|
CvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||||
|
CvssScore: 7.5
|
||||||
|
CveId: CVE-2022-3602
|
||||||
|
CweId: CWE-120
|
||||||
|
CnvdId: None
|
||||||
|
KveId: None
|
||||||
|
Tags:
|
||||||
|
- 远程代码执行
|
||||||
|
- 缓存溢出
|
||||||
|
- 拒绝服务
|
||||||
|
SiteRequests:
|
||||||
|
Implement:
|
||||||
|
ImArray:
|
||||||
|
- Inter : python3
|
||||||
|
InterArgs :
|
||||||
|
Exec : CVE-2022-3602.py
|
||||||
|
Args :
|
||||||
|
- -t
|
||||||
|
- 127.0.0.1:3000
|
||||||
|
ExpireTime: 15
|
||||||
|
Inter:
|
||||||
|
- ">?:Vulnerable"
|
||||||
|
Condition: None
|
|
@ -0,0 +1,2 @@
|
||||||
|
se tw=0 stl:%!%0
|
||||||
|
sil0norm0q/
|
|
@ -46,5 +46,6 @@ SiteRequests:
|
||||||
# >?判断条件
|
# >?判断条件
|
||||||
# ??判断程序错误码 eg. "??:0"
|
# ??判断程序错误码 eg. "??:0"
|
||||||
Inter:
|
Inter:
|
||||||
- "??:0"
|
- ">>:whoami"
|
||||||
|
- ">?:root"
|
||||||
Condition: None
|
Condition: None
|
||||||
|
|
|
@ -1,31 +1,32 @@
|
||||||
ConfigFilePrefix: ../data/SystemPocs/
|
ConfigFilePrefix: ../data/SystemPocs/
|
||||||
Type: system
|
Type: system
|
||||||
ExplorerItems:
|
ExplorerItems:
|
||||||
# - ConfigFile: KVE-2022-0206/KVE-2022-0206.yaml
|
- ConfigFile: KVE-2022-0206/KVE-2022-0206.yaml
|
||||||
# - ConfigFile: KVE-2022-0231/KVE-2022-0231.yaml
|
- ConfigFile: KVE-2022-0231/KVE-2022-0231.yaml
|
||||||
# - ConfigFile: KVE-2022-0210/KVE-2022-0210.yaml
|
- ConfigFile: KVE-2022-0210/KVE-2022-0210.yaml
|
||||||
# - ConfigFile: KVE-2022-0207/KVE-2022-0207.yaml
|
- ConfigFile: KVE-2022-0207/KVE-2022-0207.yaml
|
||||||
# - ConfigFile: KVE-2022-0205/KVE-2022-0205.yaml
|
- ConfigFile: KVE-2022-0205/KVE-2022-0205.yaml
|
||||||
# - ConfigFile: CVE-2022-1292/CVE-2022-1292.yaml
|
- ConfigFile: CVE-2022-1292/CVE-2022-1292.yaml
|
||||||
# - ConfigFile: CVE-2021-44142/CVE-2021-44142.yaml
|
- ConfigFile: CVE-2021-44142/CVE-2021-44142.yaml
|
||||||
# - ConfigFile: CVE-2021-3560/CVE-2021-3560.yaml
|
- ConfigFile: CVE-2021-3560/CVE-2021-3560.yaml
|
||||||
# - ConfigFile: CVE-2021-4034/CVE-2021-4034.yaml
|
- ConfigFile: CVE-2021-4034/CVE-2021-4034.yaml
|
||||||
# - ConfigFile: CVE-2021-3156/CVE-2021-3156.yaml
|
- ConfigFile: CVE-2021-3156/CVE-2021-3156.yaml
|
||||||
# - ConfigFile: CVE-2022-0351/CVE-2022-0351.yaml
|
- ConfigFile: CVE-2022-0351/CVE-2022-0351.yaml
|
||||||
# # - ConfigFile: CVE-2023-25136/CVE-2023-25136.yaml //开发完新字段后才能使用
|
# - ConfigFile: CVE-2023-25136/CVE-2023-25136.yaml //开发完新字段后才能使用
|
||||||
# # - ConfigFile: CVE-2023-22809/CVE-2023-22809.yaml //开发完新字段后才能使用
|
# - ConfigFile: CVE-2023-22809/CVE-2023-22809.yaml //开发完新字段后才能使用
|
||||||
# - ConfigFile: CVE-2022-0543/CVE-2022-0543.yaml
|
- ConfigFile: CVE-2022-0543/CVE-2022-0543.yaml
|
||||||
# - ConfigFile: CVE-2021-41773/CVE-2021-41773.yaml
|
- ConfigFile: CVE-2021-41773/CVE-2021-41773.yaml
|
||||||
# - ConfigFile: CVE-2022-0417/CVE-2022-0417.yaml
|
- ConfigFile: CVE-2022-0417/CVE-2022-0417.yaml
|
||||||
# - ConfigFile: CVE-2022-0359/CVE-2022-0359.yaml
|
- ConfigFile: CVE-2022-0359/CVE-2022-0359.yaml
|
||||||
# - ConfigFile: CVE-2022-0413/CVE-2022-0413.yaml
|
- ConfigFile: CVE-2022-0413/CVE-2022-0413.yaml
|
||||||
# - ConfigFile: CVE-2022-0572/CVE-2022-0572.yaml
|
- ConfigFile: CVE-2022-0572/CVE-2022-0572.yaml
|
||||||
# # - ConfigFile: CVE-2022-0629/CVE-2022-0629.yaml //远程模块交互不能执行,后续尝试解决该问题
|
# - ConfigFile: CVE-2022-0629/CVE-2022-0629.yaml //远程模块交互不能执行,后续尝试解决该问题
|
||||||
# - ConfigFile: CVE-2022-0685/CVE-2022-0685.yaml
|
- ConfigFile: CVE-2022-0685/CVE-2022-0685.yaml
|
||||||
# - ConfigFile: CVE-2022-0714/CVE-2022-0714.yaml
|
- ConfigFile: CVE-2022-0714/CVE-2022-0714.yaml
|
||||||
# - ConfigFile: CVE-2022-0729/CVE-2022-0729.yaml
|
- ConfigFile: CVE-2022-0729/CVE-2022-0729.yaml
|
||||||
# - ConfigFile: CVE-2022-1771/CVE-2022-1771.yaml
|
- ConfigFile: CVE-2022-1771/CVE-2022-1771.yaml
|
||||||
# - ConfigFile: CVE-2022-2598/CVE-2022-2598.yaml
|
- ConfigFile: CVE-2022-2598/CVE-2022-2598.yaml
|
||||||
# # - ConfigFile: CVE-2022-2274/CVE-2022-2274.yaml //需要CPU-AVX512IFMA才能认证
|
# - ConfigFile: CVE-2022-2274/CVE-2022-2274.yaml //需要CPU-AVX512IFMA才能认证
|
||||||
# - ConfigFile: CVE-2019-7304/CVE-2019-7304.yaml
|
- ConfigFile: CVE-2019-7304/CVE-2019-7304.yaml
|
||||||
- ConfigFile: CVE-2019-18634/CVE-2019-18634.yaml
|
- ConfigFile: CVE-2019-18634/CVE-2019-18634.yaml
|
||||||
|
- ConfigFile: CVE-2022-3602/CVE-2022-3602.yaml
|
|
@ -3,4 +3,5 @@ requests==2.28.1
|
||||||
dbus-python==1.2.16
|
dbus-python==1.2.16
|
||||||
simplejson==3.16.0
|
simplejson==3.16.0
|
||||||
redis==4.5.1
|
redis==4.5.1
|
||||||
paramiko==2.6.0
|
paramiko==2.6.0
|
||||||
|
pwn==1.0
|
Loading…
Reference in New Issue