vulnerabilities/unix/local/dirtycow

This commit is contained in:
ts
2019-02-05 17:28:15 +00:00
parent 1a61db5b1f
commit 341cd0bdf6
7 changed files with 86 additions and 12 deletions


@@ -20,4 +20,9 @@
<reference>https://atlas.hashicorp.com/puppetlabs</reference>
<software_license>various</software_license>
<requires>
<type>upgrade</type>
</requires>
</base>


@@ -21,4 +21,8 @@
<reference>https://atlas.hashicorp.com/puppetlabs</reference>
<software_license>various</software_license>
<requires>
<type>upgrade</type>
</requires>
</base>


@@ -1,17 +1,28 @@
class apt_upgrade::apt {
case $operatingsystem {
'Debian': {
exec { 'update':
command => "/usr/bin/apt-get upgrade",
tries => 5,
try_sleep => 30,
notice("Running apt-upgrade module...")
if defined('dirtycow::config') {
notice("vulnerabilities/unix/local/dirtycow included - skipping apt-get upgrade...")
} else {
case $operatingsystem {
'Debian': {
exec { 'update':
command => "/usr/bin/apt-get -y upgrade",
tries => 5,
try_sleep => 30,
timeout => 0,
logoutput => true,
}
}
}
'Ubuntu': {
exec { 'update':
command => "/usr/bin/apt-get upgrade",
tries => 5,
try_sleep => 30,
'Ubuntu': {
exec { 'update':
command => "/usr/bin/apt-get -y upgrade",
tries => 5,
try_sleep => 30,
timeout => 0,
logoutput => true,
}
}
}
}
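Review bot: The guard `if defined('dirtycow::config')` at the top of the new `apt_upgrade::apt` body tests the wrong thing: with a string argument Puppet's `defined()` reports whether a class of that name exists in the loaded manifests, not whether it has been declared into this node's catalog, and the result is evaluated at parse time in manifest order. So the skip only behaves as intended if the dirtycow module's `include dirtycow::config` has already been evaluated when this class runs; if the vulnerability module is evaluated later, `apt-get -y upgrade` silently runs and the box is patched, which this commit's own test would then catch but the manifest would not. Changing the check to `if defined(Class['dirtycow::config'])` tests actual declaration, and the ordering assumption should be stated in a comment above it, e.g. `# Parse-order dependent: dirtycow::config must be declared before this class is evaluated.` The class's closing brace appears to lie outside the hunk.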


@@ -0,0 +1 @@
include dirtycow::config


@@ -0,0 +1,3 @@
class dirtycow::config {
notice("dirtycow::config: Do nothing, the apt upgrade just checks if we're defined and blocks apt-get upgrade if so.")
}
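Review bot: This marker class is coupled by name to the `defined('dirtycow::config')` check in `apt_upgrade::apt`, and nothing in the file says so, so a rename here would silently re-enable the kernel upgrade. A comment above the `notice` would make the contract visible: `# Marker class only: apt_upgrade::apt looks for this class by name and skips apt-get upgrade when it is present; keep the name in sync.`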


@@ -0,0 +1,33 @@
<?xml version="1.0"?>
<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
<name>DirtyCow privilege escalation</name>
<author>Thomas Shaw</author>
<module_license>MIT</module_license>
<description>DirtyCow local privilege escalation. Including this module prevents the default apt-get upgrade from
running which leaves the wheezy bases vulnerable.
</description>
<type>unpatched_kernel</type>
<type>race_condition</type>
<privilege>root_rwx</privilege>
<access>local</access>
<platform>linux</platform>
<difficulty>medium</difficulty>
<conflict>
<name>.*Stretch.*</name>
</conflict>
<conflict>
<name>.*Kali.*</name>
</conflict>
<conflict>
<name>.*Windows.*</name>
</conflict>
<conflict>
<name>.*Ubuntu.*</name>
</conflict>
</vulnerability>
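Review bot: The description names the vulnerability only as "DirtyCow" and says it leaves "wheezy bases" vulnerable, but the conflict list excludes only Stretch, Kali, Windows and Ubuntu, so any other Debian base the corpus offers would also be selected; if a jessie base exists, the module would run there even though the description only claims wheezy. Either the description should say which Debian releases are expected to stay vulnerable, or the conflict list should match it. The metadata also carries no CVE identifier; adding `CVE-2016-5195` to the description (or a dedicated element, if the SecGen schema has one) lets the generated scenario be traced to the advisory.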


@@ -0,0 +1,17 @@
require_relative '../../../../../lib/post_provision_test'
class DirtyCOWTest < PostProvisionTest
def initialize
self.module_name = 'dirtycow'
self.module_path = get_module_path(__FILE__)
super
end
def test_module
super
test_local_command('apt-get upgrade not performed?', 'sudo apt-get -u upgrade --assume-no','linux-image-3.')
end
end
DirtyCOWTest.new.run
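Review bot: The assertion in `test_module` only proves that a dry-run `apt-get -u upgrade --assume-no` still lists some `linux-image-3.` package, which depends on the apt package lists cached on the box and on the mirror being reachable, not on the running kernel being vulnerable. A stale or unreachable mirror makes the string disappear and fails the test even though the kernel was never upgraded; conversely the string also matches a pending upgrade of a kernel that is not the one actually booted. A more direct check is the installed version of the booted kernel package, e.g. `sudo dpkg-query -W -f='${Version}' linux-image-$(uname -r)` compared against the fixed wheezy version listed in the Debian security tracker for CVE-2016-5195, kept alongside the existing apt check if the dry-run output is still wanted. Minor style: the call's arguments lack a space after the comma before `'linux-image-3.'`.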