-
Notifications
You must be signed in to change notification settings - Fork 1
/
cve.py
92 lines (81 loc) · 2.54 KB
/
cve.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
import subprocess
from loguru import logger
VERSAO_VULNERAVEL = ["5.6.0", "5.6.1"]
def verificar_caminho_sshd():
try:
caminho_sshd = subprocess.run([
"whereis",
"-b",
"sshd"],
capture_output=True
)
caminho_sshd = caminho_sshd.stdout
retorno = caminho_sshd.decode("utf-8").replace("\n", "")
retorno = retorno.split()
logger.info(f"Caminho verificado: {retorno}")
return retorno[1]
except Exception as e:
logger.error(e)
return False
def verificar_liblzma(path_sshd):
try:
logger.info(f"Verificando ldd: {path_sshd}")
ldd_output = subprocess.run(["ldd", path_sshd], capture_output=True)
ldd_output = ldd_output.stdout
path_liblzma = ldd_output.decode("utf-8").split()
retorno_lista = list(filter(lambda x: 'liblzma' in x, path_liblzma))
logger.info(f"Lista: {retorno_lista}")
return retorno_lista[1]
except Exception as e:
logger.error(e)
return False
def verificar_xz():
try:
caminho_xz = subprocess.run([
"whereis",
"-b",
"xz"],
capture_output=True
)
caminho_xz = caminho_xz.stdout
logger.info(caminho_xz)
retorno = caminho_xz.decode("utf-8").replace("\n", "")
retorno = retorno.split()
logger.info(f"Caminho verificado: {retorno}")
return retorno[1]
except Exception as e:
logger.error(e)
return False
def conferir_assinatura(path):
hex_dump_liblzma = subprocess.run([
"hexdump",
"-ve",
'1/1 \"%02x\"',
path],
capture_output=True
)
hex_dump_liblzma = hex_dump_liblzma.stdout
if "f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410" in hex_dump_liblzma.decode("utf-8"):
logger.warning("Assinatura da liblzma: VULNERAVEL")
else:
logger.success("Assinatura da liblzma: OK")
def conferir_xz_versao():
versao_xz = subprocess.run([
"xz",
"--version"
],
capture_output=True)
versao_xz = versao_xz.stdout
versao_local = versao_xz.decode("utf-8").split()
if versao_local[1] in VERSAO_VULNERAVEL:
logger.warning("xz VULNERAVEL")
else:
logger.success("xz OK")
if __name__ == "__main__":
logger.info("Inicializando CVE...")
vh = verificar_caminho_sshd()
vl = verificar_liblzma(vh)
conferir_assinatura(vl)
vz = verificar_xz()
conferir_xz_versao()
logger.info("Encerrando CVE...")