diff --git a/modules/bases/debian_puppet_32/secgen_metadata.xml b/modules/bases/debian_puppet_32/secgen_metadata.xml
index 171d99ba9..fdda2be95 100644
--- a/modules/bases/debian_puppet_32/secgen_metadata.xml
+++ b/modules/bases/debian_puppet_32/secgen_metadata.xml
@@ -20,4 +20,9 @@
https://atlas.hashicorp.com/puppetlabs
various
+
+
+ upgrade
+
+
diff --git a/modules/bases/debian_wheezy_desktop_kde/secgen_metadata.xml b/modules/bases/debian_wheezy_desktop_kde/secgen_metadata.xml
index a73992247..ec9597f9f 100644
--- a/modules/bases/debian_wheezy_desktop_kde/secgen_metadata.xml
+++ b/modules/bases/debian_wheezy_desktop_kde/secgen_metadata.xml
@@ -21,4 +21,8 @@
https://atlas.hashicorp.com/puppetlabs
various
+
+ upgrade
+
+
diff --git a/modules/utilities/unix/update/apt_upgrade/manifests/apt.pp b/modules/utilities/unix/update/apt_upgrade/manifests/apt.pp
index 654d0c6f0..281d9a353 100644
--- a/modules/utilities/unix/update/apt_upgrade/manifests/apt.pp
+++ b/modules/utilities/unix/update/apt_upgrade/manifests/apt.pp
@@ -1,17 +1,28 @@
class apt_upgrade::apt {
- case $operatingsystem {
- 'Debian': {
- exec { 'update':
- command => "/usr/bin/apt-get upgrade",
- tries => 5,
- try_sleep => 30,
+
+ notice("Running apt-upgrade module...")
+
+ if defined('dirtycow::config') {
+ notice("vulnerabilities/unix/local/dirtycow included - skipping apt-get upgrade...")
+ } else {
+ case $operatingsystem {
+ 'Debian': {
+ exec { 'update':
+ command => "/usr/bin/apt-get -y upgrade",
+ tries => 5,
+ try_sleep => 30,
+ timeout => 0,
+ logoutput => true,
+ }
}
- }
- 'Ubuntu': {
- exec { 'update':
- command => "/usr/bin/apt-get upgrade",
- tries => 5,
- try_sleep => 30,
+ 'Ubuntu': {
+ exec { 'update':
+ command => "/usr/bin/apt-get -y upgrade",
+ tries => 5,
+ try_sleep => 30,
+ timeout => 0,
+ logoutput => true,
+ }
}
}
}
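Review bot: `defined('dirtycow::config')` on the new `if` line tests whether a class of that name is defined (present on the modulepath), not whether it has been declared into the catalog, so once the dirtycow module ships alongside the bases the guard will likely fire for every build that can see the module rather than only those that `include dirtycow::config`; `if defined(Class['dirtycow::config']) {` checks the catalog instead. Either form is parse-order dependent — it is only true if dirtycow::config was declared before apt_upgrade::apt is evaluated — which deserves a comment at the check. The Debian and Ubuntu branches are now byte-identical and can collapse into one `'Debian', 'Ubuntu':` case; `-y` alone does not suppress conffile prompts, so an `environment => ['DEBIAN_FRONTEND=noninteractive']` entry avoids a hang that `timeout => 0` would then never cut off. The closing brace of the class is not visible in the hunk.
```puppet
  # Only skip the upgrade when dirtycow::config is actually in the catalog;
  # this is parse-order dependent, so the dirtycow module must be declared first.
  if defined(Class['dirtycow::config']) {
    notice("vulnerabilities/unix/local/dirtycow included - skipping apt-get upgrade...")
  } else {
    case $operatingsystem {
      'Debian', 'Ubuntu': {
        exec { 'update':
          command     => "/usr/bin/apt-get -y upgrade",
          environment => ['DEBIAN_FRONTEND=noninteractive'],
          tries       => 5,
          try_sleep   => 30,
          timeout     => 0,
          logoutput   => true,
        }
      }
    }
  }
```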
diff --git a/modules/vulnerabilities/unix/local/dirtycow/dirtycow.pp b/modules/vulnerabilities/unix/local/dirtycow/dirtycow.pp
new file mode 100644
index 000000000..f86b5785e
--- /dev/null
+++ b/modules/vulnerabilities/unix/local/dirtycow/dirtycow.pp
@@ -0,0 +1 @@
+include dirtycow::config
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/local/dirtycow/manifests/config.pp b/modules/vulnerabilities/unix/local/dirtycow/manifests/config.pp
new file mode 100644
index 000000000..5a22e775d
--- /dev/null
+++ b/modules/vulnerabilities/unix/local/dirtycow/manifests/config.pp
@@ -0,0 +1,3 @@
+class dirtycow::config {
+ notice("dirtycow::config: Do nothing, the apt upgrade just checks if we're defined and blocks apt-get upgrade if so.")
+}
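Review bot: The only documentation of why this otherwise empty class exists is the runtime notice string on the line above, so a reader of the manifest cannot see the coupling without compiling a catalog; a comment above the class would make it explicit, e.g. `# Marker class: apt_upgrade::apt skips its apt-get upgrade when this class is declared, so the wheezy kernel stays at its unpatched version.` The file also lacks a trailing newline (the `\ No newline at end of file` marker), as do dirtycow.pp, secgen_metadata.xml and secgen_test/dirtycow.rb in this commit.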
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/local/dirtycow/secgen_metadata.xml b/modules/vulnerabilities/unix/local/dirtycow/secgen_metadata.xml
new file mode 100644
index 000000000..90d6aaac1
--- /dev/null
+++ b/modules/vulnerabilities/unix/local/dirtycow/secgen_metadata.xml
@@ -0,0 +1,33 @@
+
+
+
+ DirtyCow privilege escalation
+ Thomas Shaw
+ MIT
+ DirtyCow local privilege escalation. Including this module prevents the default apt-get upgrade from
+ running which leaves the wheezy bases vulnerable.
+
+
+ unpatched_kernel
+ race_condition
+ root_rwx
+ local
+ linux
+ medium
+
+
+ .*Stretch.*
+
+
+ .*Kali.*
+
+
+ .*Windows.*
+
+
+ .*Ubuntu.*
+
+
+
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/local/dirtycow/secgen_test/dirtycow.rb b/modules/vulnerabilities/unix/local/dirtycow/secgen_test/dirtycow.rb
new file mode 100644
index 000000000..1433b43a4
--- /dev/null
+++ b/modules/vulnerabilities/unix/local/dirtycow/secgen_test/dirtycow.rb
@@ -0,0 +1,17 @@
+require_relative '../../../../../lib/post_provision_test'
+
+class DirtyCOWTest < PostProvisionTest
+ def initialize
+ self.module_name = 'dirtycow'
+ self.module_path = get_module_path(__FILE__)
+ super
+ end
+
+ def test_module
+ super
+ test_local_command('apt-get upgrade not performed?', 'sudo apt-get -u upgrade --assume-no','linux-image-3.')
+ end
+
+end
+
+DirtyCOWTest.new.run
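Review bot: The assertion in `test_module` passes only if `apt-get -u upgrade --assume-no` lists a pending `linux-image-3.` upgrade, which depends on the package lists having been refreshed and on the mirror being reachable at test time; on a base without a prior `apt-get update`, or offline, the simulated upgrade lists nothing and the test fails even though the module did its job. Asserting on what is actually installed would be more stable — presumably the installed kernel package version from `dpkg -l 'linux-image-3.*'` compared against the known base version, to be confirmed against the wheezy base images. There is also a missing space after the second comma in the call: `test_local_command('apt-get upgrade not performed?', 'sudo apt-get -u upgrade --assume-no', 'linux-image-3.')`.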
\ No newline at end of file