Created
April 2, 2024 10:58
-
-
Save amaddio/d95391c48562f6f40235ab5e839bc1ee to your computer and use it in GitHub Desktop.
CVE-2024-3094_check.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: all:!localhost | |
| gather_facts: no | |
| tasks: | |
| - name: run vulnerabilty check script | |
| ansible.builtin.script: CVE-2024-3094_check.sh | |
| register: cmd_result | |
| - name: get version of | |
| ansible.builtin.shell: apt-cache policy liblzma5 | |
| register: version_of_liblzma5 | |
| - name: check if vulnerability is given | |
| ansible.builtin.assert: | |
| that: | |
| - "'probably not vulnerable' in cmd_result.stdout" | |
| - cmd_result.rc == 0 | |
| - "'5.6' not in version_of_liblzma5" | |
| fail_msg: "liblzma is vulnerable on host" | |
| success_msg: "liblzma is NOT vulnerable on host" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Modified to run both checks using xxd or od as fallback | |
| # script source: https://gist.github.com/darkerego/b8fe6b2ebf2949b5dbfa1593204ae659 | |
| set -eu | |
| # Find path to liblzma used by sshd | |
| path_to_sshd=$(which sshd 2>/dev/null) | |
| /lib64/ld-linux-x86-64.so.2 --verify "$path_to_sshd" | |
| linked_sshd_libraries=$(LD_TRACE_LOADED_OBJECTS=1 /lib64/ld-linux-x86-64.so.2 "$path_to_sshd") | |
| path_cve_2024_3094="$(printf "%s" "$linked_sshd_libraries" | grep liblzma | grep -oP '/[^ ]+')" | |
| # Check if the path was found | |
| if [ -z "$path_cve_2024_3094" ]; then | |
| echo "liblzma not found in the sshd dependencies. Your system might not be vulnerable or sshd is not installed." | |
| exit 1 | |
| fi | |
| echo 'Check one: does it even exist?' | |
| # Check if the file exists | |
| if [ ! -f "$path_cve_2024_3094" ]; then | |
| echo "The liblzma file does not exist at the detected path: $path_cve_2024_3094. Probably not vulnerable." | |
| exit 1 | |
| fi | |
| echo 'Check 2: function signature' | |
| # Function to check for vulnerability using xxd or od | |
| check_vulnerability() { | |
| local path="$1" | |
| # Check if xxd is available | |
| if command -v xxd > /dev/null; then | |
| xxd -p "$path" | tr -d '\n' | grep -q 'f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410' && echo "probably vulnerable" || echo "probably not vulnerable" | |
| elif command -v od > /dev/null; then | |
| # Use od as a fallback | |
| od -v -t x1 -An "$path" | tr -d ' \n' | grep -q 'f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410' && echo "probably vulnerable" || echo "probably not vulnerable" | |
| else | |
| echo "Neither xxd nor od is available on this system. Cannot perform signature check." | |
| exit 1 | |
| fi | |
| } | |
| check_vulnerability "$path_cve_2024_3094" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment