Create CVE-2022-2068.sh
backloop-biz authored Jul 12, 2022
1 parent 21a2bc6 commit d5e8e70
Showing 1 changed file with 367 additions and 0 deletions.
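--- /dev/null
+++ b/CVE-2022-2068.sh
@@ -0,0 +1,367 @@
+#!/bin/bash
+# 12-07-2022
+# Enrico Pasqualotto epasqualotto AT backloop.biz
+# run with --fix for auto-fix option
+
+OS_DETECTED=0
+fix=0
+declare -A fixedVer
+declare -A vulnVer
+
+function vercomp () {
+if [[ $1 == $2 ]]
+then
+return 0
+fi
+local IFS=.
+local i ver1=($1) ver2=($2)
+# fill empty fields in ver1 with zeros
+for ((i=${#ver1[@]}; i<${#ver2[@]}; i++))
+do
+ver1[i]=0
+done
+for ((i=0; i<${#ver1[@]}; i++))
+do
+if [[ -z ${ver2[i]} ]]
+then
+# fill empty fields in ver2 with zeros
+ver2[i]=0
+fi
+if ((10#${ver1[i]} > 10#${ver2[i]}))
+then
+return 1
+fi
+if ((10#${ver1[i]} < 10#${ver2[i]}))
+then
+return 2
+fi
+done
+return 0
+}
+
+
+function getRedHatPkgVer() {
+local package_names=( "$@" )
+
+pkgver=`rpm -qa --queryformat="%{NAME}-%{VERSION}-%{RELEASE}\n" "${package_names[@]}"`
+echo $pkgver
+
+}
+
+function getDebianPkgVer (){
+
+pkgver=`dpkg -s "$1" | grep Version | cut -d ":" -f2| cut -d' ' -f2`
+echo $pkgver
+
+}
+
+if [ "$1" == "--help" ]; then
+echo "Use --fix to patch your system"
+exit 0
+elif [ "$1" == "--fix" ]; then
+fix=1
+echo "Run with auto-fix enabled!"
+sleep 2
+fi
+
+
+#OS CHECK
+
+if [[ "$OSTYPE" != "linux-gnu"* ]]; then
+echo "O.S. $OSTYPE Not supported!"
+exit 1
+fi
+
+#ubuntu
+if [ -f /etc/os-release ] && [ ! -f /etc/centos-release-upstream ]; then
+TMP_DISTRIB=`cat /etc/os-release | grep -m1 "^NAME" | cut -d "=" -f2 | sed s/\"//g`
+
+if [ "$TMP_DISTRIB" == "Ubuntu" ]; then
+
+OS_DETECTED=1
+
+DISTRIB=`cat /etc/os-release | grep -m1 "^NAME" | cut -d "=" -f2 | sed s/\"//g`
+VERNAME=`cat /etc/os-release | grep -m1 "VERSION_CODENAME" | cut -d "=" -f2`
+VER=`cat /etc/os-release | grep -m1 "VERSION_ID" | cut -d "=" -f2 | sed s/\"//g`
+
+echo "Detected O.S. : $DISTRIB $VER $VERNAME"
+fi
+fi
+
+# debian
+if [ "$OS_DETECTED" == "0" ] && [ -f /etc/debian_version ]; then
+
+OS_DETECTED=1
+
+VER=`cat /etc/debian_version`
+DISTRIB=Debian
+VERNAME=$(. /etc/os-release && echo ${VERSION_CODENAME-stretch})
+
+echo "Detected O.S. : $DISTRIB $VER $VERNAME"
+
+fi
+
+# redhat
+if [ "$OS_DETECTED" == "0" ] && [ -f /etc/redhat-release ]; then
+
+OS_DETECTED=1
+PARENT_DISTRIB="RedHat"
+DISTRIB=`cat /etc/os-release | grep -m1 "^NAME" | cut -d "=" -f2 | sed s/\"//g`
+VERNAME=`cat /etc/os-release | grep -m1 "PRETTY_NAME" | cut -d "=" -f2`
+VER=`cat /etc/os-release | grep -m1 "VERSION_ID" | cut -d "=" -f2 | sed s/\"//g`
+
+echo "Detected O.S. : $DISTRIB $VER $VERNAME"
+fi
+
+#CentOS based
+if [ "$OS_DETECTED" == "0" ] && [ -f /etc/centos-release-upstream ]; then
+
+OS_DETECTED=1
+PARENT_DISTRIB="Centos"
+DISTRIB=`cat /etc/os-release | grep -m1 "^NAME" | cut -d "=" -f2 | sed s/\"//g`
+VERNAME=`cat /etc/os-release | grep -m1 "PRETTY_NAME" | cut -d "=" -f2`
+VER=`cat /etc/os-release | grep -m1 "VERSION_ID" | cut -d "=" -f2 | sed s/\"//g`
+
+echo "Detected O.S. : $DISTRIB $VER $VERNAME"
+fi
+
+if [ "$OS_DETECTED" == "0" ]; then
+echo "O.S. not supported!"
+exit 1
+fi
+#cat /etc/os-release | grep -m1 "NAME" | cut -d "=" -f2 | sed s/\"//g
+
+
+if [ "$DISTRIB" == "Ubuntu" ]; then
+
+PACKAGE=openssl
+
+#fixedVer["1404"]="" #Trusty
+fixedVer["1604"]="1.0.2g-1ubuntu4.20+esm5" #Xenial
+fixedVer["1804"]="1.1.1-1ubuntu2.1~18.04.19" #Bionic
+fixedVer["2004"]="1.1.1f-1ubuntu2.15" #Focal
+fixedVer["2110"]="1.1.1l-1ubuntu1.5" #Impish
+fixedVer["2204"]="3.0.2-0ubuntu1.5" #Jammy
+
+isinstalled=`dpkg -l | grep $PACKAGE | wc -l`
+
+if [ "$isinstalled" == "0" ]; then
+echo "No package found on your system. You are not vulnerable!"
+exit 0
+fi
+
+curver=`getDebianPkgVer "$PACKAGE"`
+#echo $curver
+#echo ${fixedVer[`echo $VER| sed 's/\.//'`]}
+
+if [ "${fixedVer[`echo $VER| sed 's/\.//'`]}" == "" ]; then
+echo "No patch available for your distribution/version"
+echo "Try mitigate with command: chmod 0755 /usr/bin/pkexec"
+exit 1
+fi
+
+if [ "$curver" == "${fixedVer[`echo $VER| sed 's/\.//'`]}" ]; then
+res='same'
+vuln=0
+else
+dpkg --compare-versions $curver lt ${fixedVer[`echo $VER| sed 's/\.//'`]}
+cmpres=$?
+case $cmpres in
+0)
+res='lower'
+vuln=1
+;;
+1)
+res='greater'
+vuln=0
+;;
+esac
+fi
+echo "My version ($curver) is $res than version (${fixedVer[`echo $VER| sed 's/\.//'`]}) with the patch"
+if [ "$vuln" == "0" ]; then
+echo "System not vulnerable"
+else
+echo "System vulnerable!"
+
+if [ "$fix" == "1" ]; then
+
+isroot=`id -u`
+if [ "$isroot" != "0" ]; then
+echo "Auto-fix option need root privildge. Please run with sudo or as root"
+exit 1
+fi
+
+apt-get update
+apt-get -y install $PACKAGE
+
+newver=`getDebianPkgVer "$PACKAGE"`
+
+if [ "$curver" != "$newver" ]; then
+echo "Upgrade done"
+dpkg --compare-versions $newver lt ${fixedVer[`echo $VER| sed 's/\.//'`]}
+cmpres=$?
+case $cmpres in
+0)
+res='lower'
+vuln=1
+;;
+1)
+res='greater'
+vuln=0
+;;
+esac
+
+echo "My version ($newver) is $res than version (${fixedVer[`echo $VER| sed 's/\.//'`]}) with the patch"
+echo "System no more vulnerable!"
+else
+echo "Attempt to install new version of pkg failed!"
+fi
+fi
+fi
+
+
+elif [ "$DISTRIB" == "Debian" ]; then
+
+PACKAGE=openssl
+
+fixedVer["buster"]="1.1.1n-0+deb10u3"
+vulnVer["buster"]="1.1.1n-0+deb10u1"
+vulnVer["bulleye"]="1.1.1n-0+deb11u3"
+fixedVer["bookworm"]="3.0.4-2"
+fixedVer["sid"]=" 3.0.4-2"
+
+isinstalled=`dpkg -l | grep $PACKAGE | wc -l`
+
+if [ "$isinstalled" == "0" ]; then
+echo "No package found on your system. You are not vulnerable!"
+exit 0
+fi
+
+curver=`getDebianPkgVer "$PACKAGE"`
+#echo $curver
+#echo ${fixedVer[$VERNAME]}
+
+isinstalled=`dpkg -l | grep $PACKAGE | wc -l`
+
+if [ "$isinstalled" == "0" ]; then
+echo "No package found on your system. You are not vulnerable!"
+exit 0
+fi
+
+curver=`getDebianPkgVer "$PACKAGE"`
+#echo $curver
+#echo ${fixedVer[$VERNAME]}
+
+myvulnver=${vulnVer[`echo $VERNAME| sed 's/\.//'`]}
+myfixedver=${fixedVer[`echo $VERNAME| sed 's/\.//'`]}
+
+if [ "$myvulnver" == "" ] && [ "$myfixedver" == "" ]; then
+
+echo "No information available for your system. Sorry"
+exit 0
+
+elif [ "$myfixedver" != "" ]; then
+
+if [ "$curver" == "$myfixedver" ]; then
+res='same'
+vuln=0
+else
+dpkg --compare-versions $curver lt $myfixedver
+cmpres=$?
+case $cmpres in
+0)
+res='lower'
+vuln=1
+;;
+1)
+res='greater'
+vuln=0
+;;
+esac
+fi
+echo "My version ($curver) is $res than version ($myfixedver) with the patch"
+if [ "$vuln" == "0" ]; then
+echo "System not vulnerable"
+else
+echo "System vulnerable!"
+
+if [ "$fix" == "1" ]; then
+
+isroot=`id -u`
+if [ "$isroot" != "0" ]; then
+echo "Auto-fix option need root privildge. Please run with sudo or as root"
+exit 1
+fi
+
+apt-get update
+apt-get -y install $PACKAGE
+
+newver=`getDebianPkgVer "$PACKAGE"`
+
+if [ "$curver" != "$newver" ]; then
+echo "Upgrade done"
+dpkg --compare-versions $newver lt $myfixedver
+cmpres=$?
+case $cmpres in
+0)
+res='lower'
+vuln=1
+;;
+1)
+res='greater'
+vuln=0
+;;
+esac
+
+echo "My version ($newver) is $res than version ($myfixedver) with the patch"
+echo "System no more vulnerable!"
+else
+echo "Attempt to install new version of pkg failed!"
+fi
+fi
+fi
+
+
+elif [ "$myvulnver" != "" ]; then
+
+if [ "$curver" == "$myvulnver" ]; then
+res='same'
+vuln=1
+else
+dpkg --compare-versions $curver lt $myvulnver
+cmpres=$?
+case $cmpres in
+0)
+res='lower'
+vuln=1
+;;
+1)
+res='greater'
+vuln=0
+;;
+esac
+fi
+echo "My version ($curver) is $res than version ($myvulnver) vulnerable"
+if [ "$vuln" == "0" ]; then
+echo "System not vulnerable"
+else
+echo "System vulnerable!"
+
+if [ "$fix" == "1" ]; then
+echo "No fix available at this time"
+fi
+fi
+else
+echo "?"
+exit 1
+fi
+
+elif [ "$PARENT_DISTRIB" == "Centos" ] || [ "$PARENT_DISTRIB" == "RedHat" ]; then
+
+echo "Checks for CentOS and RH aren't available now but RH6,7,8 are no vulnerables (https://access.redhat.com/security/cve/cve-2022-29799)"
+exit 0
+else
+echo "Fix and check not available for your distribution!"
+echo $PARENT_DISTRIB
+exit 1
+fi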
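Review bot: After the auto-fix, `echo "System no more vulnerable!"` is printed unconditionally in both the Ubuntu and Debian branches, right after a `dpkg --compare-versions` that may just have set `res='lower'` / `vuln=1` (for example when the mirror does not yet carry the fixed build), so the script can report a still-vulnerable host as patched; make that message depend on the result, e.g. `if [ "$vuln" == "0" ]; then echo "System no more vulnerable!"; else echo "System still vulnerable!"; fi`. The fallback advice `Try mitigate with command: chmod 0755 /usr/bin/pkexec` is the pkexec/CVE-2021-4034 workaround and has nothing to do with the OpenSSL `c_rehash` issue this script is named for; it looks copied from an earlier checker and should be dropped or replaced with the upstream guidance to use `openssl rehash` instead of `c_rehash`. The Red Hat message links `cve-2022-29799`, a different CVE, so the "RH6,7,8 are no vulnerables" claim is not backed by the reference given; point it at the CVE-2022-2068 page and re-verify the claim. In the Debian table the key `bulleye` is misspelled, so bullseye hosts fall through to "No information available", and `fixedVer["sid"]=" 3.0.4-2"` carries a leading space that is passed into `dpkg --compare-versions`. The `case $cmpres` blocks also have no `*)` arm, so on any unexpected status `vuln` stays unset and the following `[ "$vuln" == "0" ]` silently reports the host as vulnerable without a version comparison.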
