Last active
May 10, 2024 14:50
Detect CVE-2024-2961 and mitigate (tested: Ubuntu & Debian & Proxmox hosts) - Host / Docker containers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
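#!/bin/bash
# Detect CVE-2024-2961 and mitigate (tested: Ubuntu & Debian & Proxmox hosts)
# Wietse Wind 10-05-2024
# Based on the idea from https://raw.githubusercontent.com/mattaperkins/FIX-CVE-2024-2961/main/fix.sh
# ^^ Changes I made: auto detect file (several files eligible instead of one) & create back up of patched file
#
# What it does: finds the gconv module configuration file(s) under $ICONVPATH
# that mention CN-EXT (the ISO-2022-CN-EXT converter affected by
# CVE-2024-2961), writes a copy without those lines, keeps a timestamped
# backup of the original, and rebuilds the gconv cache with iconvconfig.
# This only disables the affected charset; the actual fix is the updated
# glibc package from the distribution.
#
# Finds the right file and patches
# Safely run again to verify patch (a second run reports "No file found to patch")
#
# Must run as root: it writes below /usr/lib.
# ICONVPATH may be set in the environment for other architectures; the default
# is the x86_64 multiarch directory.
#
# Run on host:
#   curl https://gist.githubusercontent.com/WietseWind/9fe2eda3fece426bf873a4aeb15c4267/raw/patch.sh | bash
# Run on Docker
#   docker ps -a|rev|cut -d " " -f 1|rev|grep -v NAME|xargs -I___ echo "docker exec -t ___ sh -c 'curl https://gist.githubusercontent.com/WietseWind/9fe2eda3fece426bf873a4aeb15c4267/raw/patch.sh | bash'"|bash
#
# NOTE(review): both one-liners pipe an unpinned, mutable URL straight into a
# root shell. Prefer downloading the script, reading it and running the local
# copy; if it has to be fetched automatically, use a raw URL pinned to a
# specific gist revision and compare a checksum before executing.
# NOTE(review): "docker ps -a" also lists stopped containers, for which
# "docker exec" fails, and the name parsing relies on NAMES being the last
# column of the table.

set -u

# Print a message on stderr and stop with a failure status, so callers and
# wrappers can tell "could not mitigate" apart from "nothing to do".
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Path to iconv's gconv directory (overridable from the environment)
ICONVPATH=${ICONVPATH:-/usr/lib/x86_64-linux-gnu/gconv}
# Extended regex selecting the charset lines to drop
readonly PATTERN='CN-?EXT'
SUB="GLIBC"

# Check for GLIBC. stderr is discarded on purpose: a non-glibc ldd complains
# there, and the empty result below already reports the outcome.
CHECKGLIBC=$(ldd --version 2>/dev/null | grep -- "$SUB")
if [[ -n "$CHECKGLIBC" ]]; then
  printf 'Checking for %s - %s Found.\n' "$SUB" "$CHECKGLIBC"
else
  die "Checking for $SUB - not found."
fi

if [[ -d "$ICONVPATH" ]]; then
  printf '%s found.\n' "$ICONVPATH"
else
  die "$ICONVPATH not found please edit."
fi

# Collect every text file below ICONVPATH that looks like a gconv
# configuration file (contains "configuration") and still has a CN-EXT line.
# -I makes grep treat binary files (converter .so files, the cache) as
# non-matching. Earlier backups (*.bak.*) are skipped. An array is used so
# that several files are handled one by one: with the former
# "echo $FILETOPATCH | xargs -I" form, two or more names collapsed onto one
# line and the generated redirection could truncate the first file.
FILETOPATCH=()
while IFS= read -r -d '' candidate; do
  if grep -qI -- 'configuration' "$candidate" \
    && grep -qIE -- "$PATTERN" "$candidate"; then
    FILETOPATCH+=("$candidate")
  fi
done < <(find "$ICONVPATH" -type f ! -name '*.bak.*' -print0)

if ((${#FILETOPATCH[@]} == 0)); then
  echo "No file found to patch"
  exit 0
fi

echo "Continue patching"
# One timestamp for all backups of this run
STAMP=$(date +%s)

for target in "${FILETOPATCH[@]}"; do
  filtered="$target.new"

  # grep exits 1 when no line survives the filter; only >1 is a real error.
  grep -v -E -- "$PATTERN" <"$target" >"$filtered"
  rc=$?
  if ((rc > 1)); then
    rm -f -- "$filtered"
    die "Filtering $target failed (grep exit $rc)"
  fi

  # The new file is created with the caller's umask; copy the original mode
  # so a restrictive umask does not make the configuration unreadable.
  if ! chmod --reference="$target" -- "$filtered"; then
    rm -f -- "$filtered"
    die "Cannot prepare $filtered (not running as root?)"
  fi

  # Copy for the backup, then rename the new file over the original, so the
  # configuration file is never missing in between.
  if ! cp -p -- "$target" "$target.bak.$STAMP"; then
    rm -f -- "$filtered"
    die "Cannot create backup of $target"
  fi
  mv -f -- "$filtered" "$target" || die "Cannot replace $target"
  printf 'Patched %s (backup: %s)\n' "$target" "$target.bak.$STAMP"
done

# Drop the old cache files and rebuild, otherwise the removed charset may
# still be served from the stale cache.
find "$ICONVPATH" -type f -name '*cache*' -exec rm -f -- {} +
command -v iconvconfig >/dev/null \
  || die "iconvconfig not found in PATH; the gconv cache was not rebuilt"
iconvconfig || die "iconvconfig failed; the gconv cache was not rebuilt"

# Confirm the result instead of assuming it: the charset must no longer be
# listed. Skipped when the iconv tool is not installed.
if command -v iconv >/dev/null && iconv -l | grep -qE -- "$PATTERN"; then
  die "iconv -l still lists a CN-EXT charset; mitigation is not effective"
fi

echo "Done"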