CHANGELOG
linux-exploit-suggester.sh v1.2 [2026-02-19]
o fix seccomp check (#96) [vanhauser-thc]
o Ensure at least one src-url/bin-url/exploit-db is present for each exploit (#75) [bcoles]
o Multiple fixes and updates for other exploit references
o Add exploits:
+ add exploit references for CVE-2021-3493 and CVE-2022-0995 vulns
+ add exploit reference for kernel CVE-2018-14634 vulnerability
+ add exploit reference for kernel CVE-2023-0386 vulnerability
+ add exploit reference for kernel CVE-2024-1086 vulnerability
+ add exploit reference for sudo CVE-2025-32463 vulnerability
+ Added exploit for CVE-2022-32250
+ Added exploit for CVE-2022-2586
+ Add DirtyPipe (CVE-2022-0847) (#95) [bcoles]
+ Add PwnKit (CVE-2021-4034) (#94) [bcoles]
+ Add eBPF ALU32 bounds tracking for bitwise ops (CVE-2021-3490) (#91) [bcoles]
+ Add Netfilter heap out-of-bounds write (CVE-2021-22555) (#90) [bcoles]
+ Add worawit's sudo Baron Samedit (CVE-2021-3156) exploit (#85) [bcoles]
+ Add linux-iscsi (CVE-2021-27365) (#84) [bcoles]
+ Add setuid screen v4.5.0 LPE (#81) [emanuelduss]
+ XFRM_UAF (CVE-2019-15666) exploit (initial entry)
+ Add Wing FTP Server <= 6.2.5 LPE (CVE-2020-9470) (#73) [bcoles]
+ Add sudo pwfeedback (CVE-2019-18634) (#72) [bcoles]
linux-exploit-suggester.sh v1.1 [2020-01-07]
o Add more reliable DISTRO version detection (based on /etc/*-release files)
o Added following exploits:
+ add SystemTap exploit (CVE-2010-4170) (#46) [bcoles]
+ add abrt/sosreport-rhel7 exploit (#48) [bcoles]
+ add Return of the WIZard (exim) (CVE-2019-10149) (#54) [bcoles]
+ Add Serv-U FTP Server exploit (CVE-2019-12181) (#58) [bcoles]
+ Add PTRACE_TRACEME (CVE-2019-13272) (#61) [bcoles]
+ Add ktsuss (CVE-2011-2921) (#62) [bcoles]
+ Add rds_atomic_free_op NULL pointer dereference (CVE-2018-5333) (#67) [bcoles]
+ Add GNU Mailutils maidag url local root (CVE-2019-18862) (#69) [bcoles]
o Added following '--checksec' mode improvements:
+ add detection for kernel.yama.ptrace_scope (#49) [bcoles]
o Rewrote README.md. Display exposure (calculated from the rank) instead of the raw numeric rank
o '--uname' mode improvement: do tagging and rank calculation also
when LES is run with the '--uname' switch. The uname string contains
the distro name, so the rank is bumped (+1) for each exploit that is
known to run on the given distro. The rank is also bumped (+3) when
there is a kernel version match.
o Refinements for following exploits:
+ add ntfs-3g version check: pkg=ntfs-3g,ver<2017.4 (#50) [bcoles]
+ update tested package versions for raceabrt (#47) [bcoles]
+ add udev version check pkg=udev,ver<141 (#51) [bcoles]
+ RationalLove fix: libc package is named 'libc6' on Debian/Ubuntu
+ Add nginx version check: pkg=nginx|nginx-full,ver<1.10.3 (#57) [bcoles]
+ rds_atomic_free_op exploit: update targets
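The two v1.1 entries above that describe technique, the /etc/*-release based distro detection and the '--uname' rank bumping (+1 distro match, +3 kernel version match, shown as an exposure label rather than a raw number), are easy to picture in code. The following script is an added example and not the linux-exploit-suggester project's own code: it scores which published CVEs most likely apply to a host so a defender can prioritise patching. The entry table (CVE ids from this changelog), its kernel version lists, the tag names, and the rank-to-exposure thresholds are constructed illustrations for the example, not the tool's database or its exact thresholds.

```shell
#!/bin/sh
# Added example, not linux-exploit-suggester's own code: score entries
# against a host the way the '--uname' changelog entry describes
# (+1 distro match, +3 kernel major.minor match) and show an exposure
# label instead of the raw rank. Table, versions and thresholds are
# constructed assumptions for this example.

# Constructed sample table: CVE | distro tags | kernel major.minor list.
ENTRIES='CVE-2022-0847|ubuntu,debian,fedora|5.10,5.15,5.16
CVE-2021-3493|ubuntu|5.4,5.8,5.11
CVE-2017-16995|ubuntu,debian|4.4,4.8,4.13
CVE-2021-4034||'

# "major.minor" of the kernel release inside a `uname -a` string
# (first token that starts with digits.digits), e.g. "5.10".
kernel_mm() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -E '^[0-9]+\.[0-9]+' \
        | head -n 1 | sed -E 's/^([0-9]+\.[0-9]+).*/\1/'
}

# Distro ID from an os-release style file (the /etc/*-release approach
# the v1.1 entry mentions); prints nothing if the file is unreadable.
distro_id() {
    [ -r "$1" ] && sed -n 's/^ID=//p' "$1" | tr -d '"'
}

# Rank one entry: $1 uname string, $2 comma-separated distro tags,
# $3 comma-separated kernel versions, $4 optional distro ID.
# IFS is changed only inside command-substitution subshells so the
# caller's word splitting is left alone.
rank_entry() {
    uname_lc=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    mm=$(kernel_mm "$1")
    distro_hit=$(
        hit=0; IFS=,
        for t in $2; do
            [ -n "$t" ] || continue
            # Debian/Ubuntu embed the distro name in the uname string;
            # the os-release ID covers distros that do not.
            case "$uname_lc" in *"$t"*) hit=1 ;; esac
            [ "$t" = "$4" ] && hit=1
        done
        echo "$hit"
    )
    kernel_hit=$(
        hit=0; IFS=,
        for k in $3; do
            [ -n "$mm" ] && [ "$k" = "$mm" ] && hit=1
        done
        echo "$hit"
    )
    echo $((distro_hit + 3 * kernel_hit))
}

# Rank -> exposure label (assumed thresholds for this example).
exposure() {
    if   [ "$1" -ge 4 ]; then echo "highly probable"
    elif [ "$1" -ge 3 ]; then echo "probable"
    elif [ "$1" -ge 1 ]; then echo "less probable"
    else                      echo "unlikely"; fi
}

# Score every entry for a host, most relevant first.
# Output: rank <TAB> CVE <TAB> exposure
score_host() {
    printf '%s\n' "$ENTRIES" | while IFS='|' read -r id tags kernels; do
        r=$(rank_entry "$1" "$tags" "$kernels" "$2")
        printf '%s\t%s\t%s\n' "$r" "$id" "$(exposure "$r")"
    done | sort -rn
}

# Stand-alone use: score the current host (patch-prioritisation view).
score_host "$(uname -a)" "$(distro_id /etc/os-release)"
```

The os-release lookup is what makes the distro bump reliable: only some distros put their name into the uname string, which is exactly why v1.1 added /etc/*-release based detection. A kernel match is scored only once per entry, so an entry listing several versions cannot outrank one with a single exact match.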
linux-exploit-suggester.sh v1.0 [2019-03-01]
o Added additional 'Tags' for multiple exploits based on:
+ verifications conducted by bcoles and his notes at: https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/local
+ https://github.com/lucyoa/kernel-exploits
o Added following '--checksec' mode improvements:
+ added checks for all exploitation prevention features recommended by
KSPP Project (http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings)
+ handle the situation when no kernel config is present on the checked system (state 'unknown'
when the existence/enablement of a feature can't be determined)
+ support for features that have more than two possible states (e.g. CONFIG_SECCOMP)
o Sorting exploits functionality added. Sorting is done by dynamically calculated rank.
The most relevant exploits are now listed at the top of the listing.
o Added check for Linux Kernel Runtime Guard (LKRG) (#36) [bcoles]
o Added bin-url for msf cross-compiled exploits (#32) [bcoles]
o Added support for pacman packages (#30) [bcoles]
o Improved 'tag matching functionality'
o Added support for additional distros (#29) [bcoles]
o Added following exploits:
+ added dirty_sock exploit (#41) [bcoles]
+ added s-nail-privsep exploit (#39) [bcoles]
+ added subuid_shell (CVE-2018-18955) exploit (#34) [bcoles]
+ added raptor_xorgy exploit (#35) [bcoles]
+ added vpnc_privesc.py (CVE-2018-10900) exploit (#31) [bcoles]
+ added ntfs-3g-modprobe (CVE-2017-0358) exploit (#22) [bcoles]
o Refinements for following exploits:
+ update eBPF_verifier (CVE-2017-16995) (#28)
+ added more specific info for 'dirtycow' exploits
+ updated tags for userhelper and RDS exploits (#25) [bcoles]
+ Changed kernel-exploits.com URLs to archive.org (multiple exploits) (#24) [bcoles]
+ updated 'udev' exploit requirements (#20) [bcoles]
+ added 'src-url' for 'BadIRET' exploit
+ added alternative urls for 'af_packet' and 'NETIF_F_UFO' exploits
o Added this CHANGELOG file to the repository.
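The '--checksec' entries in v1.0 and v1.1 describe three behaviours worth seeing together: KSPP-recommended config symbols checked from the kernel config, an explicit 'unknown' state when no config is available, and a feature with more than two states (CONFIG_SECCOMP), plus the kernel.yama.ptrace_scope check. The script below is an added example and not LES's own '--checksec' implementation; the symbol list is a constructed subset of KSPP recommendations, the seccomp states (filter/basic/disabled/unknown) are this example's own interpretation, and the config and sysctl paths are parameters so it can run offline against saved files.

```shell
#!/bin/sh
# Added example, not linux-exploit-suggester's '--checksec' code: report
# hardening features with enabled/disabled/unknown states, one feature
# with more than two states, and the Yama ptrace_scope sysctl.
# The symbol list is a constructed KSPP subset (assumption).

KSPP_SUBSET='CONFIG_RANDOMIZE_BASE
CONFIG_STACKPROTECTOR_STRONG
CONFIG_HARDENED_USERCOPY
CONFIG_STRICT_KERNEL_RWX
CONFIG_SLAB_FREELIST_RANDOM
CONFIG_SECURITY_YAMA'

# State of one CONFIG_ symbol in a kernel config file ($1 path, $2 symbol):
#   unknown  - no readable config, so nothing can be concluded
#   enabled  - SYM=y
#   module   - SYM=m
#   disabled - "is not set" or absent from a config that is present
config_state() {
    cfg=$1; sym=$2
    [ -r "$cfg" ] || { echo unknown; return 0; }
    if grep -q "^$sym=y$" "$cfg"; then echo enabled
    elif grep -q "^$sym=m$" "$cfg"; then echo module
    else echo disabled; fi
}

# seccomp has more than two meaningful states (this example's own split):
#   filter   - CONFIG_SECCOMP=y and CONFIG_SECCOMP_FILTER=y
#   basic    - CONFIG_SECCOMP=y only (strict mode, no BPF filters)
#   disabled / unknown as for config_state
seccomp_state() {
    s=$(config_state "$1" CONFIG_SECCOMP)
    f=$(config_state "$1" CONFIG_SECCOMP_FILTER)
    case "$s:$f" in
        unknown:*)       echo unknown ;;
        enabled:enabled) echo filter ;;
        enabled:*)       echo basic ;;
        *)               echo disabled ;;
    esac
}

# kernel.yama.ptrace_scope read from a sysctl/proc file ($1 path).
# Values follow the Yama documentation: 0 classic (same-uid processes
# may attach), 1 descendants only, 2 CAP_SYS_PTRACE only, 3 no attach.
ptrace_scope_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(cat "$1")" in
        0) echo classic ;;
        1) echo restricted ;;
        2) echo admin-only ;;
        3) echo no-attach ;;
        *) echo unknown ;;
    esac
}

# Full report: $1 kernel config path, $2 ptrace_scope file path.
checksec_report() {
    printf '%s\n' "$KSPP_SUBSET" | while read -r sym; do
        printf '%-32s %s\n' "$sym" "$(config_state "$1" "$sym")"
    done
    printf '%-32s %s\n' "seccomp" "$(seccomp_state "$1")"
    printf '%-32s %s\n' "kernel.yama.ptrace_scope" "$(ptrace_scope_state "$2")"
}

# Number of features confirmed disabled. 'unknown' is deliberately not
# counted: it is missing evidence, not a confirmed weakness.
count_disabled() {
    checksec_report "$1" "$2" | grep -c ' disabled$' || true
}

# Stand-alone use on the current host (a saved config can be passed as $1).
checksec_report "${1:-/boot/config-$(uname -r)}" /proc/sys/kernel/yama/ptrace_scope
```

Two caveats a practitioner will hit: a symbol absent from a present config is reported as disabled, so older kernels that use a different name for the same feature (stack protector symbols were renamed around 4.18) need an alias list before the result is trusted; and when /boot/config-* is missing, /proc/config.gz is a second source to consult before settling for 'unknown'.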