SECSTACK

Documentation on GNU/Linux and cyber security.


Vuls - Agentless Vulnerability Scanner


Vuls is an open-source, agentless vulnerability scanner for *nix systems. It is written in Go and draws on the NVD, JVN, OVAL, RHSA/ALAS/ELSA/FreeBSD-SA and Changelog databases.

As you know, in production environments not every update is applied straight from the package manager; a package with a known security vulnerability is updated manually. Because this is done by hand so as not to disrupt operations, the process becomes impossible to track once you consider the number of servers and installed packages. These checks need to be automated, run at regular intervals and reported. By defining your servers in the Vuls configuration, you can automate this with cron expressions.

Remote, local and server scan methods are available. Local scans do not require SSH access; remote scans do. You can also receive notifications about the detected CVEs via Slack or email.

Installation

I am performing the Vuls installation on CentOS 8.2 Minimal.

# sudo yum -y install sqlite git gcc make wget yum-utils
# export latest_version=1.15.5
# wget https://dl.google.com/go/go$latest_version.linux-amd64.tar.gz
# sudo tar -C /usr/local -xzf go$latest_version.linux-amd64.tar.gz
# mkdir $HOME/go

We create goenv.sh.

# sudo vim /etc/profile.d/goenv.sh

The contents of goenv.sh should be as follows.

export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

We apply the Go environment variables server-wide.

# source /etc/profile.d/goenv.sh

We deploy go-cve-dictionary.

# sudo mkdir /var/log/vuls
# sudo chown <username> /var/log/vuls
# sudo chmod 700 /var/log/vuls
# mkdir -p $GOPATH/src/github.com/kotakanbe
# cd $GOPATH/src/github.com/kotakanbe
# git clone https://github.com/kotakanbe/go-cve-dictionary.git
# cd go-cve-dictionary
# make install

We fetch vulnerability data from NVD (National Vulnerability Database).

# cd $HOME
# for i in `seq 2002 $(date +"%Y")`; do go-cve-dictionary fetchnvd -years $i; done

Optional: we fetch vulnerability data from JVN (Japan Vulnerability Notes).

If you do not need the JVN (Japan Vulnerability Notes) data, you can skip this step.

# cd $HOME
# for i in `seq 1998 $(date +"%Y")`; do go-cve-dictionary fetchjvn -years $i; done

We deploy goval-dictionary.

# mkdir -p $GOPATH/src/github.com/kotakanbe
# cd $GOPATH/src/github.com/kotakanbe
# git clone https://github.com/kotakanbe/goval-dictionary.git
# cd goval-dictionary
# make install
# ln -s $GOPATH/src/github.com/kotakanbe/goval-dictionary/oval.sqlite3 $HOME/oval.sqlite3

We fetch the OVAL data for the servers that will be scanned.

# goval-dictionary fetch-redhat 7 8

For any other Linux distribution you plan to scan, you must fetch the OVAL data in advance according to the distribution type and version. This link will help you.

We deploy gost (go-security-tracker).

# sudo mkdir /var/log/gost
# sudo chown <username> /var/log/gost
# sudo chmod 700 /var/log/gost
# mkdir -p $GOPATH/src/github.com/knqyf263
# cd $GOPATH/src/github.com/knqyf263
# git clone https://github.com/knqyf263/gost.git
# cd gost
# make install
# ln -s $GOPATH/src/github.com/knqyf263/gost/gost.sqlite3 $HOME/gost.sqlite3

For any other Linux distribution you plan to scan, you must fetch the Security Tracker data in advance according to the distribution type (this link will help you). Here we fetch the Red Hat data.

# gost fetch redhat

Optional: we deploy go-exploitdb.

If you do not need to see the exploit code that exists for detected CVEs (ExploitDB), you can skip this step.

# sudo mkdir /var/log/go-exploitdb
# sudo chown <username> /var/log/go-exploitdb
# sudo chmod 700 /var/log/go-exploitdb
# mkdir -p $GOPATH/src/github.com/mozqnet
# cd $GOPATH/src/github.com/mozqnet
# git clone https://github.com/mozqnet/go-exploitdb.git
# cd go-exploitdb
# make install
# ln -s $GOPATH/src/github.com/mozqnet/go-exploitdb/go-exploitdb.sqlite3 $HOME/go-exploitdb.sqlite3

We fetch the data. With the --deep parameter you can fetch data on more exploit code.

# go-exploitdb fetch exploitdb

Optional: we deploy go-msfdb.

If you do not need to see the exploit modules that exist for detected CVEs (Metasploit Framework > Modules), you can skip this step.

# sudo mkdir /var/log/go-msfdb
# sudo chown <username> /var/log/go-msfdb
# sudo chmod 700 /var/log/go-msfdb
# mkdir -p $GOPATH/src/github.com/takuzoo3868
# cd $GOPATH/src/github.com/takuzoo3868
# git clone https://github.com/takuzoo3868/go-msfdb.git
# cd go-msfdb
# make install
# ln -s $GOPATH/src/github.com/takuzoo3868/go-msfdb/go-msfdb.sqlite3 $HOME/go-msfdb.sqlite3

We fetch the data.

# go-msfdb fetch msfdb

We deploy Vuls.

# mkdir -p $GOPATH/src/github.com/future-architect
# cd $GOPATH/src/github.com/future-architect
# git clone https://github.com/future-architect/vuls.git
# cd vuls
# make install

To update Vuls, follow the steps below.

# rm -rf $GOPATH/pkg/linux_amd64/github.com/future-architect/vuls/
# rm -rf $GOPATH/src/github.com/future-architect/vuls/
# cd $GOPATH/src/github.com/future-architect
# git clone https://github.com/future-architect/vuls.git
# cd vuls
# make install

We create the Vuls configuration (config.toml).

# cd $HOME
# vim config.toml

The configuration is below. You will need to adjust the sqlite3Path entries to your own setup.

[cveDict]
type        = "sqlite3"
sqlite3Path = "/home/username/cve.sqlite3"
#url        = ""

[ovalDict]
type        = "sqlite3"
sqlite3Path = "/home/username/oval.sqlite3"
#url        = ""

[gost]
type        = "sqlite3"
sqlite3Path = "/home/username/gost.sqlite3"
#url        = ""

[exploit]
type        = "sqlite3"
sqlite3Path = "/home/username/go-exploitdb.sqlite3"
#url        = ""

[metasploit]
type        = "sqlite3"
sqlite3Path = "/home/username/go-msfdb.sqlite3"
#url        = ""

# https://vuls.io/docs/en/usage-settings.html#slack-section
#[slack]
#hookURL      = "https://hooks.slack.com/services/abc123/defghijklmnopqrstuvwxyz"
##legacyToken = "xoxp-11111111111-222222222222-3333333333"
#channel      = "#channel-name"
##channel     = "${servername}"
#iconEmoji    = ":ghost:"
#authUser     = "username"
#notifyUsers  = ["@username"]

# https://vuls.io/docs/en/usage-settings.html#email-section
#[email]
#smtpAddr      = "smtp.example.com"
#smtpPort      = "587"
#user          = "username"
#password      = "password"
#from          = "from@example.com"
#to            = ["to@example.com"]
#cc            = ["cc@example.com"]
#subjectPrefix = "[vuls]"

# https://vuls.io/docs/en/usage-settings.html#http-section
#[http]
#url = "http://localhost:11234"

# https://vuls.io/docs/en/usage-settings.html#syslog-section
#[syslog]
#protocol    = "tcp"
#host        = "localhost"
#port        = "514"
#tag         = "vuls"
#facility    = "local0"
#severity    = "alert"
#verbose     = false

# https://vuls.io/docs/en/usage-report.html#example-put-results-in-s3-bucket
#[aws]
#profile                = "default"
#region                 = "ap-northeast-1"
#s3Bucket               = "vuls"
#s3ResultsDir           = "/path/to/result"
#s3ServerSideEncryption = "AES256"

# https://vuls.io/docs/en/usage-report.html#example-put-results-in-azure-blob-storage
#[azure]
#accountName   = "default"
#accountKey    = "xxxxxxxxxxxxxx"
#containerName = "vuls"

# https://vuls.io/docs/en/usage-settings.html#stride-section
#[stride]
#hookURL   = "xxxxxxxxxxxxxxx"
#authToken = "xxxxxxxxxxxxxx"

# https://vuls.io/docs/en/usage-settings.html#hipchat-section
#[hipchat]
#room      = "vuls"
#authToken = "xxxxxxxxxxxxxx"

# https://vuls.io/docs/en/usage-settings.html#chatwork-section
#[chatwork]
#room     = "xxxxxxxxxxx"
#apiToken = "xxxxxxxxxxxxxxxxxx"

# https://vuls.io/docs/en/usage-settings.html#telegram-section
#[telegram]
#chatID     = "xxxxxxxxxxx"
#token = "xxxxxxxxxxxxxxxxxx"

# https://vuls.io/docs/en/usage-settings.html#default-section
[default]
#port               = "22"
#user               = "username"
#keyPath            = "/home/username/.ssh/id_rsa"
#scanMode           = ["fast", "fast-root", "deep", "offline"]
#cpeNames = [
#  "cpe:/a:rubyonrails:ruby_on_rails:4.2.1",
#]
#owaspDCXMLPath     = "/tmp/dependency-check-report.xml"
#ignoreCves         = ["CVE-2014-6271"]
#containerType      = "docker" #or "lxd" or "lxc" default: docker
#containersIncluded = ["${running}"]
#containersExcluded = ["container_name_a"]

# https://vuls.io/docs/en/usage-settings.html#servers-section
[servers]

[servers.localhost]
host                = "localhost"
port                = "local"
#user               = "root"
#sshConfigPath      = "/home/username/.ssh/config"
#keyPath            = "/home/username/.ssh/id_rsa"
#scanMode           = ["fast", "fast-root", "deep", "offline"]
#type               = "pseudo"
#memo               = "DB Server"
#cpeNames           = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
#owaspDCXMLPath     = "/path/to/dependency-check-report.xml"
#ignoreCves         = ["CVE-2014-0160"]
#containerType      = "docker" #or "lxd" or "lxc" default: docker
#containersIncluded = ["${running}"]
#containersExcluded = ["container_name_a"]

#[servers.localhost.containers.container_name_a]
#cpeNames       = [ "cpe:/a:rubyonrails:ruby_on_rails:4.2.1" ]
#owaspDCXMLPath = "/path/to/dependency-check-report.xml"
#ignoreCves     = ["CVE-2014-0160"]

#[servers.localhost.githubs."owner/repo"]
#token   = "yourToken"

#[servers.localhost.wordpress]
#cmdPath = "/usr/local/bin/wp"
#osUser = "wordpress"
#docRoot = "/path/to/DocumentRoot/"
#wpVulnDBToken = "xxxxTokenxxxx"
#ignoreInactive = true

#[servers.localhost.optional]
#key = "value1"

We check the configuration. No problems are reported.

# vuls configtest
[Nov 29 18:51:41]  INFO [localhost] Validating config...
[Nov 29 18:51:41]  INFO [localhost] Detecting Server/Container OS... 
[Nov 29 18:51:41]  INFO [localhost] Detecting OS of servers... 
[Nov 29 18:51:41]  INFO [localhost] (1/1) Detected: localhost: centos 8.2.2004
[Nov 29 18:51:41]  INFO [localhost] Detecting OS of containers... 
[Nov 29 18:51:41]  INFO [localhost] Checking Scan Modes...
[Nov 29 18:51:41]  INFO [localhost] Checking dependencies...
[Nov 29 18:51:41]  INFO [localhost] Dependencies ... Pass
[Nov 29 18:51:41]  INFO [localhost] Checking sudo settings...
[Nov 29 18:51:41]  INFO [localhost] Sudo... Pass
[Nov 29 18:51:41]  INFO [localhost] It can be scanned with fast scan mode even if warn or err messages are displayed due to lack of dependent packages or sudo settings in fast-root or deep scan mode
[Nov 29 18:51:41]  INFO [localhost] Scannable servers are below...
localhost 

We start a scan on the host where we installed Vuls.

# vuls scan
[Nov 29 19:55:07]  INFO [localhost] Start scanning
[Nov 29 19:55:07]  INFO [localhost] config: /home/username/config.toml
[Nov 29 19:55:07]  INFO [localhost] Validating config...
[Nov 29 19:55:07]  INFO [localhost] Detecting Server/Container OS... 
[Nov 29 19:55:07]  INFO [localhost] Detecting OS of servers... 
[Nov 29 19:55:07]  INFO [localhost] (1/1) Detected: localhost: centos 8.2.2004
[Nov 29 19:55:07]  INFO [localhost] Detecting OS of containers... 
[Nov 29 19:55:07]  INFO [localhost] Checking Scan Modes... 
[Nov 29 19:55:07]  INFO [localhost] Detecting Platforms... 
[Nov 29 19:55:08]  INFO [localhost] (1/1) localhost is running on other
[Nov 29 19:55:08]  INFO [localhost] Detecting IPS identifiers... 
[Nov 29 19:55:08]  INFO [localhost] (1/1) localhost has 0 IPS integration
[Nov 29 19:55:08]  INFO [localhost] Scanning vulnerabilities... 
[Nov 29 19:55:08]  INFO [localhost] Scanning vulnerable OS packages...
[Nov 29 19:55:08]  INFO [localhost] Scanning in fast mode


Scan Summary
================
localhost	centos8.2.2004	516 installed, 0 updatable

To view the detail, vuls tui is useful.
To send a report, run vuls report -h.

We get a one-line report of the scan.

# vuls report -format-one-line-text
[Nov 29 19:59:45]  INFO [localhost] Validating config...
[Nov 29 19:59:45]  INFO [localhost] Loaded: /home/username/results/2020-11-29T19:55:08+03:00
[Nov 29 19:59:45]  INFO [localhost] Validating db config...
INFO[0000] -cvedb-type: sqlite3, -cvedb-url: , -cvedb-path: /home/username/cve.sqlite3 
INFO[0000] -ovaldb-type: sqlite3, -ovaldb-url: , -ovaldb-path: /home/username/oval.sqlite3 
INFO[0000] -gostdb-type: sqlite3, -gostdb-url: , -gostdb-path: /home/username/gost.sqlite3 
INFO[0000] -exploitdb-type: sqlite3, -exploitdb-url: , -exploitdb-path: /home/username/go-exploitdb.sqlite3 
INFO[0000] -msfdb-type: sqlite3, -msfdb-url: , -msfdb-path: /home/username/go-msfdb.sqlite3 
DBUG[11-29|14:59:45] Opening DB (sqlite3). 
DBUG[11-29|14:59:45] Migrating DB (sqlite3). 
INFO[11-29|14:59:45] Opening DB.                              db=sqlite3
INFO[11-29|14:59:45] Migrating DB.                            db=sqlite3
INFO[11-29|14:59:45] Opening Database.                        db=sqlite3
INFO[11-29|14:59:45] Migrating DB.                            db=sqlite3
INFO[11-29|14:59:45] Opening DB                               db=sqlite3
INFO[11-29|14:59:45] Migrating DB                             db=sqlite3
[Nov 29 14:59:45]  INFO [localhost] No need to refresh


One Line Summary
================
localhost	Total: 171 (High:41 Medium:92 Low:38 ?:0)	0/171 Fixed	516 installed, 0 updatable	0 exploits	0 modules	en: 1, ja: 0 alerts
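The automation the introduction calls for, applied to the one-line summary above, as an added example that is not part of the original post or the Vuls project: a POSIX shell wrapper for cron that refreshes the databases fetched during installation, runs the scan and fails when a server's summary line exceeds a threshold of High findings or lists exploit code or Metasploit modules. The log path, the MAX_HIGH threshold, the --run flag and the crontab schedule are assumptions.

```shell
#!/bin/sh
# Added example (not from the post or the Vuls project): a cron wrapper that
# refreshes the databases fetched above, runs `vuls scan`, and gates on each
# `vuls report -format-one-line-text` line. LOG, MAX_HIGH, the --run flag
# and the crontab entry are assumptions made here.

# Constructed from the One Line Summary shown on the page (tab-separated fields).
SAMPLE_SUMMARY=$(printf 'localhost\tTotal: 171 (High:41 Medium:92 Low:38 ?:0)\t0/171 Fixed\t516 installed, 0 updatable\t0 exploits\t0 modules\ten: 1, ja: 0 alerts')

# Print one numeric metric from a summary line. The [^0-9] anchors stop the
# greedy .* from swallowing the leading digits of multi-digit counts.
summary_metric() {
    case $1 in
        total)     pat='Total: \([0-9][0-9]*\)' ;;
        high)      pat='High:\([0-9][0-9]*\)' ;;
        medium)    pat='Medium:\([0-9][0-9]*\)' ;;
        low)       pat='Low:\([0-9][0-9]*\)' ;;
        unknown)   pat='?:\([0-9][0-9]*\)' ;;
        fixed)     pat='[^0-9]\([0-9][0-9]*\)/[0-9][0-9]* Fixed' ;;
        updatable) pat='[^0-9]\([0-9][0-9]*\) updatable' ;;
        exploits)  pat='[^0-9]\([0-9][0-9]*\) exploits' ;;
        modules)   pat='[^0-9]\([0-9][0-9]*\) modules' ;;
        *)         printf 'unknown metric: %s\n' "$1" >&2; return 1 ;;
    esac
    printf '%s\n' "$2" | sed -n "s|.*$pat.*|\1|p"
}

# Gate for one summary line: succeed only when High findings are within
# max_high and no exploit code (go-exploitdb) or Metasploit module (go-msfdb)
# is recorded for the detected CVEs; otherwise print an alert and fail.
check_summary() {
    line=$1
    max_high=${2:-0}
    host=$(printf '%s\n' "$line" | cut -f1)
    high=$(summary_metric high "$line")
    exploits=$(summary_metric exploits "$line")
    modules=$(summary_metric modules "$line")
    status=0
    [ "${high:-0}" -le "$max_high" ] || status=1
    [ "${exploits:-0}" -eq 0 ] || status=1
    [ "${modules:-0}" -eq 0 ] || status=1
    [ "$status" -eq 0 ] || printf 'ALERT %s: high=%s exploits=%s modules=%s (max_high=%s)\n' \
        "$host" "$high" "$exploits" "$modules" "$max_high" >&2
    return "$status"
}

# Cron body: refresh this year's NVD data plus the RHEL 7/8 OVAL and Security
# Tracker data, scan every server in config.toml, then gate each summary line.
nightly_scan() {
    LOG=${LOG:-/var/log/vuls/nightly.log}   # assumed log path
    MAX_HIGH=${MAX_HIGH:-0}                  # assumed threshold
    cd "$HOME" || return 1
    {
        go-cve-dictionary fetchnvd -years "$(date +%Y)"
        goval-dictionary fetch-redhat 7 8
        gost fetch redhat
        vuls scan
    } >>"$LOG" 2>&1 || return 1
    summaries=$(vuls report -format-one-line-text 2>>"$LOG" | grep 'Total: ')
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        check_summary "$line" "$MAX_HIGH" || rc=1
    done <<EOF
$summaries
EOF
    return "$rc"
}

# Assumed crontab entry, nightly at 02:00 (a non-zero exit means an alert was printed):
# 0 2 * * * /home/username/vuls-nightly.sh --run >>/var/log/vuls/cron.log 2>&1
if [ "${1:-}" = "--run" ]; then
    nightly_scan
fi
```

Run with `--run` from cron; without it the script only defines the functions, so it can be sourced and the gate tested against a saved summary line.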

We get a summary report of the scan. The output has been truncated.

# vuls report -format-list
[Nov 29 15:02:17]  INFO [localhost] Validating config...
[Nov 29 15:02:17]  INFO [localhost] Loaded: /home/username/results/2020-11-29T14:55:08+03:00
[Nov 29 15:02:17]  INFO [localhost] Validating db config...
INFO[0000] -cvedb-type: sqlite3, -cvedb-url: , -cvedb-path: /home/username/cve.sqlite3 
INFO[0000] -ovaldb-type: sqlite3, -ovaldb-url: , -ovaldb-path: /home/username/oval.sqlite3 
INFO[0000] -gostdb-type: sqlite3, -gostdb-url: , -gostdb-path: /home/username/gost.sqlite3 
INFO[0000] -exploitdb-type: sqlite3, -exploitdb-url: , -exploitdb-path: /home/username/go-exploitdb.sqlite3 
INFO[0000] -msfdb-type: sqlite3, -msfdb-url: , -msfdb-path: /home/username/go-msfdb.sqlite3 
DBUG[11-29|15:02:17] Opening DB (sqlite3). 
DBUG[11-29|15:02:17] Migrating DB (sqlite3). 
INFO[11-29|15:02:17] Opening DB.                              db=sqlite3
INFO[11-29|15:02:17] Migrating DB.                            db=sqlite3
INFO[11-29|15:02:17] Opening Database.                        db=sqlite3
INFO[11-29|15:02:17] Migrating DB.                            db=sqlite3
INFO[11-29|15:02:17] Opening DB                               db=sqlite3
INFO[11-29|15:02:17] Migrating DB                             db=sqlite3
[Nov 29 15:02:17]  INFO [localhost] No need to refresh
localhost (centos8.2.2004)
==========================
Total: 171 (High:41 Medium:92 Low:38 ?:0), 0/171 Fixed, 516 installed, 0 updatable, 0 exploits, 0 modules, en: 1, ja: 0 alerts

+----------------+------+--------+-----+--------+---------+-------------------------------------------------+
|     CVE-ID     | CVSS | ATTACK | POC |  CERT  |  FIXED  |                       NVD                       |
+----------------+------+--------+-----+--------+---------+-------------------------------------------------+
| CVE-2019-18276 | 10.0 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18276 |
| CVE-2019-20636 | 10.0 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20636 |
| CVE-2019-12900 |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12900 |
| CVE-2019-20218 |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20218 |
| CVE-2020-12654 |  9.8 |  AV:A  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12654 |
| CVE-2020-26154 |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-26154 |
| CVE-2020-12321 |  9.6 |  AV:A  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12321 |
| CVE-2019-14889 |  9.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-14889 |
| CVE-2020-12351 |  8.8 |  AV:A  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12351 |
| CVE-2020-25661 |  8.8 |  AV:A  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-25661 |
| CVE-2020-15999 |  8.6 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-15999 |
| CVE-2020-12352 |  8.3 |  AV:A  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12352 |
| CVE-2020-24490 |  8.3 |  AV:A  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-24490 |
| CVE-2019-19770 |  8.2 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19770 |
| CVE-2019-13627 |  8.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-13627 |
| CVE-2019-5018  |  8.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5018  |
| CVE-2019-20916 |  8.0 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20916 |
| CVE-2018-20843 |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-20843 |
| CVE-2019-12614 |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12614 |
| CVE-2019-15807 |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15807 |
| CVE-2019-15917 |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15917 |
| CVE-2019-15925 |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15925 |
| CVE-2019-16231 |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16231 |
| CVE-2019-16233 |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16233 |
| CVE-2019-18809 |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18809 |
| CVE-2019-19046 |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19046 |
| CVE-2019-19056 |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19056 |
| CVE-2019-19062 |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19062 |

We get a full report of the scan. The output has been truncated.

# vuls report -format-full-text | less
[Nov 29 15:55:56]  INFO [localhost] Validating config...
[Nov 29 15:55:56]  INFO [localhost] Loaded: /home/username/results/2020-11-29T14:55:08+03:00
[Nov 29 15:55:56]  INFO [localhost] Validating db config...
INFO[0000] -cvedb-type: sqlite3, -cvedb-url: , -cvedb-path: /home/username/cve.sqlite3 
INFO[0000] -ovaldb-type: sqlite3, -ovaldb-url: , -ovaldb-path: /home/username/oval.sqlite3 
INFO[0000] -gostdb-type: sqlite3, -gostdb-url: , -gostdb-path: /home/username/gost.sqlite3 
INFO[0000] -exploitdb-type: sqlite3, -exploitdb-url: , -exploitdb-path: /home/username/go-exploitdb.sqlite3 
INFO[0000] -msfdb-type: sqlite3, -msfdb-url: , -msfdb-path: /home/username/go-msfdb.sqlite3 
t=2020-11-29T15:55:56+0300 lvl=dbug msg="Opening DB (sqlite3)."
t=2020-11-29T15:55:56+0300 lvl=dbug msg="Migrating DB (sqlite3)."
t=2020-11-29T15:55:56+0300 lvl=info msg="Opening DB." db=sqlite3
t=2020-11-29T15:55:56+0300 lvl=info msg="Migrating DB." db=sqlite3
t=2020-11-29T15:55:56+0300 lvl=info msg="Opening Database." db=sqlite3
t=2020-11-29T15:55:56+0300 lvl=info msg="Migrating DB." db=sqlite3
t=2020-11-29T15:55:56+0300 lvl=info msg="Opening DB" db=sqlite3
t=2020-11-29T15:55:56+0300 lvl=info msg="Migrating DB" db=sqlite3
[Nov 29 15:55:56]  INFO [localhost] No need to refresh
localhost (centos8.2.2004)
==========================
Total: 171 (High:41 Medium:92 Low:38 ?:0), 0/171 Fixed, 516 installed, 0 updatable, 0 exploits, 0 modules, en: 1, ja: 0 alerts

+----------------+----------------------------------------------------------------------------------+
| CVE-2019-18276 | UNFIXED                                                                          |
+----------------+----------------------------------------------------------------------------------+
| Max Score      | 10.0 HIGH (jvn)                                                                  |
| nvd            | 7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H HIGH                            |
| redhat_api     | 7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H LOW                             |
| jvn            | 9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CRITICAL                        |
| nvd            | 7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C HIGH                                              |
| jvn            | 10.0/AV:N/AC:L/Au:N/C:C/I:C/A:C HIGH                                             |
| Summary        | An issue was discovered in disable_priv_mode in shell.c in GNU Bash through      |
|                | 5.0 patch 11. By default, if Bash is run with its effective UID not equal to     |
|                | its real UID, it will drop privileges by setting its effective UID to its real   |
|                | UID. However, it does so incorrectly. On Linux and other systems that support    |
|                | "saved UID" functionality, the saved UID is not dropped. An attacker with        |
|                | command execution in the shell can use "enable -f" for runtime loading of a new  |
|                | builtin, which can be a shared object that calls setuid() and therefore regains  |
|                | privileges. However, binaries running with an effective UID of 0 are unaffected. |
| CWE            | CWE-273: Improper Check for Dropped Privileges (nvd)                             |
| CWE            | CWE-271: Privilege Dropping / Lowering Errors (redhat_api)                       |
| Affected Pkg   | bash-4.4.19-10.el8 -> Affected                                                   |
| Confidence     | 100 / RedHatAPIMatch                                                             |
| Source         | https://nvd.nist.gov/vuln/detail/CVE-2019-18276                                  |
| CVSSv2 Calc    | https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?name=CVE-2019-18276         |
| CVSSv3 Calc    | https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2019-18276         |
| RHEL-CVE       | https://access.redhat.com/security/cve/CVE-2019-18276                            |
| CWE            | https://cwe.mitre.org/data/definitions/CWE-273.html                              |
| CWE            | https://cwe.mitre.org/data/definitions/CWE-271.html                              |
+----------------+----------------------------------------------------------------------------------+

You can use the TUI (terminal-based viewer) to view the Vuls scan results.

# vuls tui

You can use VulsRepo to view the Vuls scan results in a web UI.
