Project Update

linux-exploit-suggester.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 #
-# Copyright (c) 2016-2020, @_mzet_
+# Copyright (c) 2016-2022, @_mzet_
 #
 # linux-exploit-suggester.sh comes with ABSOLUTELY NO WARRANTY.
 # This is free software, and you are welcome to redistribute it
@@ -930,6 +930,44 @@ author: theflow (orginal exploit author); bcoles (author of exploit update at 'e
 EOF
 )
 
+EXPLOITS[((n++))]=$(cat <<EOF
+Name: ${txtgrn}[CVE-2022-0847]${txtrst} DirtyPipe
+Reqs: pkg=linux-kernel,ver>=5.8,ver<=5.16.11
+Tags: ubuntu=(20.04|21.04),debian=11
+Rank: 1
+analysis-url: https://dirtypipe.cm4all.com/
+src-url: https://haxx.in/files/dirtypipez.c
+exploit-db: 50808
+author: blasty (original exploit author: Max Kellermann)
+EOF
+)
+
+EXPLOITS[((n++))]=$(cat <<EOF
+Name: ${txtgrn}[CVE-2022-2586]${txtrst} nft_object UAF
+Reqs: pkg=linux-kernel,ver>=3.16,CONFIG_USER_NS=y,sysctl:kernel.unprivileged_userns_clone==1
+Tags: ubuntu=(20.04){kernel:5.12.13}
+Rank: 1
+analysis-url: https://www.openwall.com/lists/oss-security/2022/08/29/5
+src-url: https://www.openwall.com/lists/oss-security/2022/08/29/5/1
+Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN)
+author: vulnerability discovery: Team Orca of Sea Security; Exploit author: Alejandro Guerrero
+EOF
+)
+
+EXPLOITS[((n++))]=$(cat <<EOF
+Name: ${txtgrn}[CVE-2022-32250]${txtrst} nft_object UAF (NFT_MSG_NEWSET)
+Reqs: pkg=linux-kernel,ver<5.18.1,CONFIG_USER_NS=y,sysctl:kernel.unprivileged_userns_clone==1
+Tags: ubuntu=(22.04){kernel:5.15.0-27-generic}
+Rank: 1
+analysis-url: https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/
+analysis-url: https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
+src-url: https://raw.githubusercontent.com/theori-io/CVE-2022-32250-exploit/main/exp.c
+Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN)
+author: vulnerability discovery: EDG Team from NCC Group; Author of this exploit: theori.io
+EOF
+)
+
+
 ############ USERSPACE EXPLOITS ###########################
 n=0
 
@@ -1769,7 +1807,7 @@ EOF
 FEATURES[((n++))]=$(cat <<EOF
 feature: Syscalls filtering
 available: CONFIG_SECCOMP=y
-enabled: cmd:grep -i Seccomp /proc/self/status | awk '{print \$2}'
+enabled: cmd:grep -iw Seccomp /proc/self/status | awk '{print \$2}'
 analysis-url: https://github.com/mzet-/les-res/blob/master/features/bpf_syscall.md
 EOF
 )
@@ -2167,8 +2205,8 @@ for FEATURE in "${FEATURES[@]}"; do
 
     feature=$(echo "$FEATURE" | grep "feature: " | cut -d' ' -f 2-)
 
-	if [ -n "$cmdStdout" ]; then
-        if [ "$cmdStdout" -eq 0 ]; then
+    if [ -n "$cmdStdout" ]; then
+        if [ $cmdStdout -eq 0 ]; then
             state="[ ${txtred}Set to $cmdStdout${txtrst} ]"
 			cmdStdout=""
         else
@@ -2181,15 +2219,15 @@ for FEATURE in "${FEATURES[@]}"; do
 
 	# for 3rd party (3) mode display "N/A" or "Enabled"
 	if [ $MODE -eq 3 ]; then
-        enabled="[ ${txtgrn}Enabled${txtrst}   ]"
-        disabled="[   ${txtgray}N/A${txtrst}    ]"
+            enabled="[ ${txtgrn}Enabled${txtrst}   ]"
+            disabled="[   ${txtgray}N/A${txtrst}    ]"
 
-    # for attack-surface (4) mode display "Locked" or "Exposed"
-    elif [ $MODE -eq 4 ]; then
-       enabled="[ ${txtred}Exposed${txtrst}  ]"
-       disabled="[ ${txtgrn}Locked${txtrst}   ]"
+        # for attack-surface (4) mode display "Locked" or "Exposed"
+        elif [ $MODE -eq 4 ]; then
+           enabled="[ ${txtred}Exposed${txtrst}  ]"
+           disabled="[ ${txtgrn}Locked${txtrst}   ]"
 
-	#other modes" "Disabled" / "Enabled"
+	# other modes" "Disabled" / "Enabled"
 	else
 		enabled="[ ${txtgrn}Enabled${txtrst}  ]"
 		disabled="[ ${txtred}Disabled${txtrst} ]"