Skip to content

kaotickj/Check-for-CVE-2023-32629-GameOver-lay

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Check for CVE-2023-32629 GameOver(lay)

Script Overview:

The script is designed to perform security checks on an Ubuntu system to detect vulnerabilities related to the GameOver(lay) flaws. It checks for two specific vulnerabilities, CVE-2023-2640 and CVE-2023-32629, which are present in the Linux kernel's OverlayFS module. The script also checks whether OverlayFS is being used on the system.

Detailed Description:

Ubuntu Server Security Checker

This script performs security checks on an Ubuntu server to detect vulnerabilities related to the "GameOver(lay)" flaws. The vulnerabilities are present in the OverlayFS module of the Linux kernel and could lead to local privilege escalation attacks.

Script Overview

The script conducts the following security checks:

  1. Git Installation Check: The script verifies if the git command-line tool is installed on the system.

  2. Git Repository Check: It checks if the system is in a Git repository, which is relevant for one of the vulnerabilities' checks.

  3. Vulnerable Kernel Version Check: The script compares the current kernel version with known vulnerable versions to identify if the system is running a vulnerable kernel version.

  4. Vulnerable Kernel Function Check: It searches for a specific vulnerable function (ovl_copy_up_meta_inode_data) within kernel source code files to identify the presence of a vulnerable kernel function. This check requires root privileges.

  5. OverlayFS Usage Check: The script determines whether OverlayFS is being used on the system by inspecting mounted filesystems.

"GameOver(lay)" Vulnerabilities

The "GameOver(lay)" vulnerabilities are two high-severity security flaws discovered in the Ubuntu kernel's OverlayFS module:

  1. CVE-2023-2640:

    • Allows unprivileged users to set privileged extended attributes on mounted files, potentially granting elevated privileges.
  2. CVE-2023-32629:

    • Inadequate permissions checks during a kernel function can be exploited to escalate privileges and gain unauthorized access.

Ubuntu released fixes for these vulnerabilities on July 24, 2023.

Usage

  1. Make sure you have Python 3 installed.

  2. Clone or download the repository.

  3. Open a terminal and navigate to the repository's directory.

  4. Run the script:

python3 game-over_check.py

Please exercise caution and review the script before running it. Understand the implications of using sudo and ensure that the script aligns with your system's configuration.

The "GameOver(lay)" vulnerabilities are two high-severity security flaws found in the Ubuntu kernel, specifically within the OverlayFS module. These vulnerabilities were disclosed by cybersecurity researchers and have the potential to enable local privilege escalation attacks. Local privilege escalation refers to an attacker gaining higher levels of access and control over a system than they were initially authorized for.

Here's a brief overview of the two vulnerabilities:

CVE-2023-2640:

This vulnerability arises from inadequate permissions checks in certain scenarios in the OverlayFS module. An unprivileged user can set privileged extended attributes on mounted files, leading to them being set on upper files without proper security checks. This can enable an attacker to manipulate files in a way that grants elevated privileges, effectively gaining unauthorized access to the system. CVE-2023-32629:

This vulnerability is another instance of inadequate permissions checks within the OverlayFS module. Specifically, it occurs during the execution of the ovl_do_setxattr function on Ubuntu kernels using OverlayFS. An attacker with local access can exploit this vulnerability to escalate their privileges, potentially gaining root-like access to the system. In summary, both vulnerabilities involve insufficient permissions checks in the OverlayFS module, which could be exploited by a local attacker to gain elevated privileges on the affected Ubuntu systems. These vulnerabilities emphasize the importance of proper security practices in software development and the need for prompt updates to fix such issues. Ubuntu released fixes for these vulnerabilities on July 24, 2023.

Disclaimer

This script is provided for educational and informational purposes. The accuracy and reliability of the script's checks may vary based on system configurations. Always use security best practices and keep your system up-to-date with security patches.

For more information, refer to the official security advisories and sources.


About

Check for CVE-2023-32629 "GameOver(lay)" vulnerability

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages