-
-
Save darkerego/b8fe6b2ebf2949b5dbfa1593204ae659 to your computer and use it in GitHub Desktop.
| #! /bin/bash | |
| # Modified to run both (redudantly, yes, I know, I am paranoid, you should be too) checks | |
| # | |
| set -eu | |
| # find path to liblzma used by sshd | |
| path="$(ldd $(which sshd) | grep liblzma | grep -o '/[^ ]*')" | |
| echo 'Check one: does it even exist?' | |
| # does it even exist? | |
| if [ "$path" == "" ] | |
| then | |
| echo probably not vulnerable | |
| # exit | |
| fi | |
| echo 'Check 2: function signature' | |
| # check for function signature | |
| if hexdump -ve '1/1 "%.2x"' "$path" | grep -q f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410 | |
| then | |
| echo probably vulnerable | |
| else | |
| echo probably not vulnerable | |
| fi | |
Suggestion to not use the hexdump as it needs to be installed seperately on most distros:
#! /bin/bash
# Modified to run both checks using xxd or od as fallback
set -eu
# Find path to liblzma used by sshd
path_cve_2024_3094="$(ldd $(which sshd 2>/dev/null) | grep liblzma | grep -oP '/[^ ]+')"
# Check if the path was found
if [ -z "$path_cve_2024_3094" ]; then
echo "liblzma not found in the sshd dependencies. Your system might not be vulnerable or sshd is not installed."
exit 1
fi
echo 'Check one: does it even exist?'
# Check if the file exists
if [ ! -f "$path_cve_2024_3094" ]; then
echo "The liblzma file does not exist at the detected path: $path_cve_2024_3094. Probably not vulnerable."
exit 1
fi
echo 'Check 2: function signature'
# Function to check for vulnerability using xxd or od
check_vulnerability() {
local path="$1"
# Check if xxd is available
if command -v xxd > /dev/null; then
xxd -p "$path" | tr -d '\n' | grep -q 'f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410' && echo "probably vulnerable" || echo "probably not vulnerable"
elif command -v od > /dev/null; then
# Use od as a fallback
od -v -t x1 -An "$path" | tr -d ' \n' | grep -q 'f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410' && echo "probably vulnerable" || echo "probably not vulnerable"
else
echo "Neither xxd nor od is available on this system. Cannot perform signature check."
exit 1
fi
}
check_vulnerability "$path_cve_2024_3094"
You should not use ldd on unsafe binaries:
https://jmmv.dev/2023/07/ldd-untrusted-binaries.html
https://lore.kernel.org/linux-man/20231016061923.105814-1-siddhesh@gotplt.org/t/#u
I have updated your script @Sn0w3y with the suggestion of @eliehalimi to not use ldd. Changes I have made are
path_to_sshd=$(which sshd 2>/dev/null)
/lib64/ld-linux-x86-64.so.2 --verify "$path_to_sshd"
linked_sshd_libraries=$(LD_TRACE_LOADED_OBJECTS=1 /lib64/ld-linux-x86-64.so.2 "$path_to_sshd")
path_cve_2024_3094="$(printf "%s" "$linked_sshd_libraries" | grep liblzma | grep -oP '/[^ ]+')"I did not want to clutter up the comment section. I have put an updated script in my gist here: https://gist.github.com/amaddio/d95391c48562f6f40235ab5e839bc1ee
I have updated your script @Sn0w3y with the suggestion of @eliehalimi to not use
ldd. Changes I have made arepath_to_sshd=$(which sshd 2>/dev/null) /lib64/ld-linux-x86-64.so.2 --verify "$path_to_sshd" linked_sshd_libraries=$(LD_TRACE_LOADED_OBJECTS=1 /lib64/ld-linux-x86-64.so.2 "$path_to_sshd") path_cve_2024_3094="$(printf "%s" "$linked_sshd_libraries" | grep liblzma | grep -oP '/[^ ]+')"I did not want to clutter up the comment section. I have put an updated script in my gist here: https://gist.github.com/amaddio/d95391c48562f6f40235ab5e839bc1ee
Great, thanks!
This script mess up with the global environment variable path. I would change it to rename the variable path eg path_cve_2024_3094="$(ldd $(which sshd) | grep liblzma | grep -o '/[^ ]*')"