-
Notifications
You must be signed in to change notification settings - Fork 0
/
detect-cve-2024-3094.sh
82 lines (77 loc) · 2.74 KB
/
detect-cve-2024-3094.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
#!/bin/bash
# Function to check the XZ Utils version
check_xz_version() {
local xz_version
if command -v dpkg &>/dev/null; then
xz_version=$(dpkg-query -W -f='${Version}' xz-utils 2>/dev/null)
package_manager="dpkg"
elif command -v rpm &>/dev/null || command -v zypper &>/dev/null; then
xz_version=$(rpm -q xz 2>/dev/null | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+')
package_manager="rpm/zypper"
else
echo "Unsupported package manager or XZ Utils is not installed."
return 1
fi
if [[ -n "$xz_version" ]]; then
echo "Installed XZ Utils version: $xz_version"
if [[ "$xz_version" == "5.6.0" || "$xz_version" == "5.6.1" ]]; then
echo "Your system is running a vulnerable version of XZ Utils."
is_vulnerable=true
else
echo "Your system is not running a vulnerable version of XZ Utils."
is_vulnerable=false
fi
else
echo "XZ Utils is not installed or version information not available."
return 1
fi
}
# Function to check the Linux distribution and downgrade XZ Utils if needed
check_and_downgrade() {
local distro=$(. /etc/os-release && echo "$ID")
case "$distro" in
fedora)
echo "Fedora-based system detected."
if [ "$is_vulnerable" = true ]; then
sudo dnf downgrade xz-5.4.3
echo "XZ Utils downgraded to version 5.4.3."
else
echo "No vulnerability detected. No downgrade needed."
fi
;;
debian)
echo "Debian-based system detected."
if [ "$is_vulnerable" = true ]; then
sudo apt install xz-utils=5.4.3
echo "XZ Utils downgraded to version 5.4.3."
else
echo "No vulnerability detected. No downgrade needed."
fi
;;
opensuse-tumbleweed)
echo "openSUSE Tumbleweed system detected."
if [ "$is_vulnerable" = true ]; then
sudo zypper downgrade xz-5.4.3
echo "XZ Utils downgraded to version 5.4.3."
else
echo "No vulnerability detected. No downgrade needed."
fi
;;
kali)
echo "Debian-based Kali Linux system detected."
if [ "$is_vulnerable" = true ]; then
sudo apt install xz-utils=5.4.3
echo "XZ Utils downgraded to version 5.4.3."
else
echo "No vulnerability detected. No downgrade needed."
fi
;;
*)
echo "Unsupported Linux distribution detected."
return 1
;;
esac
}
# Call the functions
check_xz_version
check_and_downgrade