Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Update patched version check
  • Loading branch information
bcoles committed Jun 22, 2018
1 parent b8f0ca2 commit 6d3c141
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions modules/exploits/unix/http/quest_kace_systems_management_rce.rb
Expand Up @@ -43,6 +43,7 @@ def initialize(info = {})
'References' =>
[
['CVE', '2018-11138'],
['URL', 'https://support.quest.com/product-notification/noti-00000134'],
['URL', 'https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities']
],
'Payload' =>
Expand Down Expand Up @@ -82,9 +83,16 @@ def check
return CheckCode::Detected
end

version = res.headers['X-KACE-Version'].to_s
version = Gem::Version.new res.headers['X-KACE-Version'].to_s
vprint_status "Found KACE appliance version #{version}"
if Gem::Version.new(version) <= Gem::Version.new('8.0.318')

# Patched versions : https://support.quest.com/product-notification/noti-00000134
if version < Gem::Version.new('7.0') ||
(version >= Gem::Version.new('7.0') && version < Gem::Version.new('7.0.121307')) ||
(version >= Gem::Version.new('7.1') && version < Gem::Version.new('7.1.150')) ||
(version >= Gem::Version.new('7.2') && version < Gem::Version.new('7.2.103')) ||
(version >= Gem::Version.new('8.0') && version < Gem::Version.new('8.0.320')) ||
(version >= Gem::Version.new('8.1') && version < Gem::Version.new('8.1.108'))
return CheckCode::Appears
end

Expand Down

0 comments on commit 6d3c141

Please sign in to comment.