Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exploits missing #31

Closed
S3cur3Th1sSh1t opened this issue Jul 31, 2019 · 1 comment
Closed

Exploits missing #31

S3cur3Th1sSh1t opened this issue Jul 31, 2019 · 1 comment

Comments

@S3cur3Th1sSh1t
Copy link

Hi,

this is not really an issue in the code.
There are currently at minimum 2 exploits missing for CVE-2019-1129 and CVE-2019-1130. That was the fix for the latest sandboxescaper CVE-2019-0841 Bypass vulnerability from july.

One way to exploit this is here (Race Condition, so multiple cores needed):
https://github.com/SecureThisShit/SharpByeBear

Greetings
@bitsadmin
Copy link
Owner

Thanks for your feedback!

As wes-ng collects information from various sources, including exploit links from Mitre's CVE database hosted at NVD (https://nvd.nist.gov/), there is indeed not much we can do about it in the code of wes-ng.

To complement the information regarding the 2 CVEs you mentioned, you can submit the exploit links at https://cveform.mitre.org/. This updated information will then be propagated to NVD and be included in the future definitions update of wes-ng.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bitsadmin @S3cur3Th1sSh1t