New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exploit does not map to CVE-2014-3153 on RHEL 7 #5

Open

jason-callaway opened this issue Mar 21, 2019 · 0 comments

Labels

bug

Contributor

jason-callaway commented Mar 21, 2019

CVE-2014-3153 should map to EDBID 35370, but it doesn't.

Reproducer

Create instance

gcloud compute --project=${PROJECT} instances create test-1 \
    --zone=${ZONE} \
    --machine-type=n1-standard-1 \
    --subnet=default  \
    --image=rhel-7-v20190312 \
    --image-project=rhel-cloud \
    --boot-disk-size=20GB \
    --boot-disk-type=pd-standard \
    --boot-disk-device-name=instance-3

Downgrade with cyber-range-target, site.yml:

- hosts: localhost
  connection: local
  become: true
  roles:
    - cyber-range-target
  vars:
    cves_to_test:
    - CVE-2014-3153

Apply with ansible-playbook site.yml.

Attempt to map:

git clone https://github.com/redteam-project/exploit-curation
lem host assess --curation exploit-curation --kind stride --score 000009

The text was updated successfully, but these errors were encountered:

jason-callaway added the bug label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment