openkylin
/
genmai
mirror of https://gitee.com/openkylin/genmai.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

add CVE-2022-3602

This commit is contained in:
song 2023-03-29 14:44:07 +08:00
parent 46d3c83ef0
commit 99dd807773
8 changed files with 189 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
data/SystemPocs/CVE-2022-2274/CVE-2022-2274.c
View File

@ -636,8 +636,11 @@ int main(void)
size_t early_len;
ret = SSL_read_early_data(server, early_buf, sizeof(early_buf), &early_len);
if (ret != SSL_READ_EARLY_DATA_SUCCESS)
if (ret != SSL_READ_EARLY_DATA_SUCCESS){
break;
}else{
printf("success")
}
} while (1);
}

2
data/SystemPocs/CVE-2022-2274/CVE-2022-2274.yaml
View File

@ -46,5 +46,5 @@ SiteRequests:
# >?判断条件
# ??判断程序错误码 eg. "??:0"
Inter:
- "??:0"
- ">?:success"
Condition: None

105
data/SystemPocs/CVE-2022-3602/CVE-2022-3602.py Normal file
View File

@ -0,0 +1,105 @@
import socket
import ssl
import sys
import warnings
import enum
import argparse
import ipaddress
warnings.filterwarnings("ignore", category=DeprecationWarning)
TIMEOUT = 0.2
class OpSll(enum.Enum):
Error = -1
Cert_not_required = 0
Cert_required = 1
def fileload(filename):
# This get input from text file and converts to list
f= open(filename, "r")
content=f.read()
f.close()
content=content.split("\n")
while("" in content):
content.remove("")
return content
def Server_Connection_Status(host, port):
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
client = ssl.wrap_socket(client)
try:
client.connect((host, port))
except Exception as e:
print(e)
return OpSll.Error
client.settimeout(TIMEOUT)
try:
client.read(1)
except ssl.SSLError as err:
if "CERTIFICATE_REQUIRED" in str(err):
return OpSll.Cert_required
except TimeoutError:
return OpSll.Cert_not_required
except Exception as e:
return OpSll.Error
return OpSll.Cert_not_required
def reporting(host, port, status):
print('[*] Host information: {0}:{1}'.format(host,port))
if OpSll.Cert_not_required == status:
print('[+] Status: {0}'.format('Not Vulnerable'))
print('[+] Reason: {0}'.format('Client certificate not required!'))
if OpSll.Cert_required == status:
print('[+] Status: {0}'.format('Vulnerable'))
print('[+] Reason: {0}'.format('Client certificate is required!'))
if OpSll.Error == status:
print('[-] Status: {0}'.format('Unable to connect'))
print('[-] Reason: {0}'.format('Either Host is down or crashed!'))
# adding argparse modules
parser = argparse.ArgumentParser()
parser.add_argument("-t","--target", help="Single IP with port separate by colon. Example: -t 192.168.0.3:3000",type=str)
parser.add_argument("-T","--targets", help="List of IP and port separate by colon ssin text file",type=str)
args = parser.parse_args()
if len(sys.argv) < 2:
parser.print_help()
sys.exit(1)
if __name__ == "__main__":
print('[!] CVE: CVE-2022-3602, CVE-2022-3786')
print('[!] This script will detect whether openssl \n[!] server is vulnerable or not based on')
print('[!] whether certificated is required by server or not\n')
info=dict()
if args.target:
ip_list=[args.target]
if args.targets:
ip_list=fileload(args.targets)
if len(ip_list)==0:
print("Required argument:\n-t or -T Single Ip/file with ip list")
sys.exit(1)
for host in ip_list:
host=host.split(":")
res = Server_Connection_Status(host[0],int(host[1]))
reporting(host[0],int(host[1]), res)
print('\n')

44
data/SystemPocs/CVE-2022-3602/CVE-2022-3602.yaml Normal file
View File

@ -0,0 +1,44 @@
FormatVer: 20230308
Id: CVE-2022-3602
Belong: system
PocHazardLevel: low
Source: https://github.com/cybersecurityworks553/CVE-2022-3602-and-CVE-2022-3786
SiteInfo:
Name: Openssl是一个功能极其强大的命令行工具可以用来完成公钥体系及HTTPS相关的很多任务。
Severity: Medium
Description:
Openssl 3.0.x版本在X.509证书验证过程中存在4个字节的邮箱地址缓存溢出问题可能导致内存损坏攻击者可能能够在执行计算的计算机上触发远程代码执行。
ScopeOfInfluence:
Openssl 3.0.0
Openssl 3.0.1
Openssl 3.0.2
Openssl 3.0.3
Openssl 3.0.4
Openssl 3.0.5
Openssl 3.0.6
References:
- https://nvd.nist.gov/vuln/detail/cve-2022-3602
SiteClassification:
CvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CvssScore: 7.5
CveId: CVE-2022-3602
CweId: CWE-120
CnvdId: None
KveId: None
Tags:
- 远程代码执行
- 缓存溢出
- 拒绝服务
SiteRequests:
Implement:
ImArray:
- Inter : python3
InterArgs :
Exec : CVE-2022-3602.py
Args :
- -t
- 127.0.0.1:3000
ExpireTime: 15
Inter:
- ">?:Vulnerable"
Condition: None

2
data/SystemPocs/CVE-2023-0049/CVE-2023-0049.dat Normal file
View File

@ -0,0 +1,2 @@
se tw=0 stl:%!%0
sil0norm0q/

3
data/SystemPocs/CVE-2023-25136/CVE-2023-25136.yaml
View File

@ -46,5 +46,6 @@ SiteRequests:
# >?判断条件
# ??判断程序错误码 eg. "??:0"
Inter:
- "??:0"
- ">>:whoami"
- ">?:root"
Condition: None

55
data/SystemPocs/SystemPocs.yaml
View File

@ -1,31 +1,32 @@
ConfigFilePrefix: ../data/SystemPocs/
Type: system
ExplorerItems:
# - ConfigFile: KVE-2022-0206/KVE-2022-0206.yaml
# - ConfigFile: KVE-2022-0231/KVE-2022-0231.yaml
# - ConfigFile: KVE-2022-0210/KVE-2022-0210.yaml
# - ConfigFile: KVE-2022-0207/KVE-2022-0207.yaml
# - ConfigFile: KVE-2022-0205/KVE-2022-0205.yaml
# - ConfigFile: CVE-2022-1292/CVE-2022-1292.yaml
# - ConfigFile: CVE-2021-44142/CVE-2021-44142.yaml
# - ConfigFile: CVE-2021-3560/CVE-2021-3560.yaml
# - ConfigFile: CVE-2021-4034/CVE-2021-4034.yaml
# - ConfigFile: CVE-2021-3156/CVE-2021-3156.yaml
# - ConfigFile: CVE-2022-0351/CVE-2022-0351.yaml
# # - ConfigFile: CVE-2023-25136/CVE-2023-25136.yaml //开发完新字段后才能使用
# # - ConfigFile: CVE-2023-22809/CVE-2023-22809.yaml //开发完新字段后才能使用
# - ConfigFile: CVE-2022-0543/CVE-2022-0543.yaml
# - ConfigFile: CVE-2021-41773/CVE-2021-41773.yaml
# - ConfigFile: CVE-2022-0417/CVE-2022-0417.yaml
# - ConfigFile: CVE-2022-0359/CVE-2022-0359.yaml
# - ConfigFile: CVE-2022-0413/CVE-2022-0413.yaml
# - ConfigFile: CVE-2022-0572/CVE-2022-0572.yaml
# # - ConfigFile: CVE-2022-0629/CVE-2022-0629.yaml //远程模块交互不能执行,后续尝试解决该问题
# - ConfigFile: CVE-2022-0685/CVE-2022-0685.yaml
# - ConfigFile: CVE-2022-0714/CVE-2022-0714.yaml
# - ConfigFile: CVE-2022-0729/CVE-2022-0729.yaml
# - ConfigFile: CVE-2022-1771/CVE-2022-1771.yaml
# - ConfigFile: CVE-2022-2598/CVE-2022-2598.yaml
# # - ConfigFile: CVE-2022-2274/CVE-2022-2274.yaml //需要CPU-AVX512IFMA才能认证
# - ConfigFile: CVE-2019-7304/CVE-2019-7304.yaml
- ConfigFile: KVE-2022-0206/KVE-2022-0206.yaml
- ConfigFile: KVE-2022-0231/KVE-2022-0231.yaml
- ConfigFile: KVE-2022-0210/KVE-2022-0210.yaml
- ConfigFile: KVE-2022-0207/KVE-2022-0207.yaml
- ConfigFile: KVE-2022-0205/KVE-2022-0205.yaml
- ConfigFile: CVE-2022-1292/CVE-2022-1292.yaml
- ConfigFile: CVE-2021-44142/CVE-2021-44142.yaml
- ConfigFile: CVE-2021-3560/CVE-2021-3560.yaml
- ConfigFile: CVE-2021-4034/CVE-2021-4034.yaml
- ConfigFile: CVE-2021-3156/CVE-2021-3156.yaml
- ConfigFile: CVE-2022-0351/CVE-2022-0351.yaml
# - ConfigFile: CVE-2023-25136/CVE-2023-25136.yaml //开发完新字段后才能使用
# - ConfigFile: CVE-2023-22809/CVE-2023-22809.yaml //开发完新字段后才能使用
- ConfigFile: CVE-2022-0543/CVE-2022-0543.yaml
- ConfigFile: CVE-2021-41773/CVE-2021-41773.yaml
- ConfigFile: CVE-2022-0417/CVE-2022-0417.yaml
- ConfigFile: CVE-2022-0359/CVE-2022-0359.yaml
- ConfigFile: CVE-2022-0413/CVE-2022-0413.yaml
- ConfigFile: CVE-2022-0572/CVE-2022-0572.yaml
# - ConfigFile: CVE-2022-0629/CVE-2022-0629.yaml //远程模块交互不能执行,后续尝试解决该问题
- ConfigFile: CVE-2022-0685/CVE-2022-0685.yaml
- ConfigFile: CVE-2022-0714/CVE-2022-0714.yaml
- ConfigFile: CVE-2022-0729/CVE-2022-0729.yaml
- ConfigFile: CVE-2022-1771/CVE-2022-1771.yaml
- ConfigFile: CVE-2022-2598/CVE-2022-2598.yaml
# - ConfigFile: CVE-2022-2274/CVE-2022-2274.yaml //需要CPU-AVX512IFMA才能认证
- ConfigFile: CVE-2019-7304/CVE-2019-7304.yaml
- ConfigFile: CVE-2019-18634/CVE-2019-18634.yaml
- ConfigFile: CVE-2022-3602/CVE-2022-3602.yaml

1
src/requirements.txt
View File

@ -4,3 +4,4 @@ dbus-python==1.2.16
simplejson==3.16.0
redis==4.5.1
paramiko==2.6.0
pwn==1.0