From 2e7b9959b7735df205740d2d92ebb936b6a7c84f Mon Sep 17 00:00:00 2001 From: white celery Date: Fri, 10 Mar 2023 13:44:22 +0000 Subject: [PATCH 01/12] CVE-2023-26604 Signed-off-by: white celery --- cve/sudo/2023/README.md | 2 ++ cve/sudo/2023/checker.sh | 10 ++++++++++ 2 files changed, 12 insertions(+) create mode 100644 cve/sudo/2023/README.md create mode 100644 cve/sudo/2023/checker.sh diff --git a/cve/sudo/2023/README.md b/cve/sudo/2023/README.md new file mode 100644 index 00000000..664c4752 --- /dev/null +++ b/cve/sudo/2023/README.md @@ -0,0 +1,2 @@ +# CVE-2023-26604 +Checker for CVE-2023-26604 diff --git a/cve/sudo/2023/checker.sh b/cve/sudo/2023/checker.sh new file mode 100644 index 00000000..b0c8aa48 --- /dev/null +++ b/cve/sudo/2023/checker.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +version=$(systemd --version | awk -F " " '{print $2}'| awk -F "+" '{print $1}') + +if (($version < "247")) then + echo 'Vulnerable' +else + echo 'Not vulnerable' +fi + -- Gitee From 73bd2b123044788dd4815fb5cd4368a0d4b2780b Mon Sep 17 00:00:00 2001 From: white celery Date: Fri, 10 Mar 2023 13:44:48 +0000 Subject: [PATCH 02/12] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/sudo/2023/README.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/sudo/2023/README.md | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 cve/sudo/2023/README.md diff --git a/cve/sudo/2023/README.md b/cve/sudo/2023/README.md deleted file mode 100644 index 664c4752..00000000 --- a/cve/sudo/2023/README.md +++ /dev/null @@ -1,2 +0,0 @@ -# CVE-2023-26604 -Checker for CVE-2023-26604 -- Gitee From 2d7f20f098c41d0585f0f43ac4774d487ba92850 Mon Sep 17 00:00:00 2001 From: white celery Date: Fri, 10 Mar 2023 13:45:11 +0000 Subject: [PATCH 03/12] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/sudo/2023/checker.sh?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/sudo/2023/checker.sh | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 cve/sudo/2023/checker.sh diff --git a/cve/sudo/2023/checker.sh b/cve/sudo/2023/checker.sh deleted file mode 100644 index b0c8aa48..00000000 --- a/cve/sudo/2023/checker.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -version=$(systemd --version | awk -F " " '{print $2}'| awk -F "+" '{print $1}') - -if (($version < "247")) then - echo 'Vulnerable' -else - echo 'Not vulnerable' -fi - -- Gitee From c46480f9c65a5007bf972caf303347e84aac14e5 Mon Sep 17 00:00:00 2001 From: white celery Date: Fri, 10 Mar 2023 13:45:32 +0000 Subject: [PATCH 04/12] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20CVE-2023-26604?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/sudo/2023/CVE-2023-26604/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/sudo/2023/CVE-2023-26604/.keep diff --git a/cve/sudo/2023/CVE-2023-26604/.keep b/cve/sudo/2023/CVE-2023-26604/.keep new file mode 100644 index 00000000..e69de29b -- Gitee From 87d3afe4fcac39fb769cd81061d205b5d796b233 Mon Sep 17 00:00:00 2001 From: white celery Date: Fri, 10 Mar 2023 13:47:08 +0000 Subject: [PATCH 05/12] CVE-2023-26604 Signed-off-by: white celery --- cve/sudo/2023/CVE-2023-26604/README.md | 2 ++ cve/sudo/2023/CVE-2023-26604/checker.sh | 10 ++++++++++ 2 files changed, 12 insertions(+) create mode 100644 cve/sudo/2023/CVE-2023-26604/README.md create mode 100644 cve/sudo/2023/CVE-2023-26604/checker.sh diff --git a/cve/sudo/2023/CVE-2023-26604/README.md b/cve/sudo/2023/CVE-2023-26604/README.md new file mode 100644 index 00000000..664c4752 --- /dev/null +++ b/cve/sudo/2023/CVE-2023-26604/README.md @@ -0,0 +1,2 @@ +# CVE-2023-26604 +Checker for CVE-2023-26604 diff --git a/cve/sudo/2023/CVE-2023-26604/checker.sh b/cve/sudo/2023/CVE-2023-26604/checker.sh new file mode 100644 index 00000000..b0c8aa48 --- /dev/null +++ b/cve/sudo/2023/CVE-2023-26604/checker.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +version=$(systemd --version | awk -F " " '{print $2}'| awk -F "+" '{print $1}') + +if (($version < "247")) then + echo 'Vulnerable' +else + echo 'Not vulnerable' +fi + -- Gitee From b2d1c48c4a4a1a9540f489485f2bd4e88aea4645 Mon Sep 17 00:00:00 2001 From: white celery Date: Fri, 10 Mar 2023 13:47:22 +0000 Subject: [PATCH 06/12] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cv?= =?UTF-8?q?e/sudo/2023/CVE-2023-26604/.keep?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/sudo/2023/CVE-2023-26604/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 cve/sudo/2023/CVE-2023-26604/.keep diff --git a/cve/sudo/2023/CVE-2023-26604/.keep b/cve/sudo/2023/CVE-2023-26604/.keep deleted file mode 100644 index e69de29b..00000000 -- Gitee From 854dbffba3e8b0d2bb2e96897afc497bd7ef0463 Mon Sep 17 00:00:00 2001 From: white celery Date: Fri, 10 Mar 2023 13:50:34 +0000 Subject: [PATCH 07/12] update openkylin_list.yaml. Signed-off-by: white celery --- openkylin_list.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/openkylin_list.yaml b/openkylin_list.yaml index f822acc2..9d75fadd 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml @@ -27,6 +27,7 @@ cve: sudo: - CVE-2021-3156 - CVE-2023-22809 + - CVE-2023-26604 gitlab: - CVE-2021-22205 - CVE-2022-1162 -- Gitee From af9662026d52e9b08b66cf8ebc540853a537d8ac Mon Sep 17 00:00:00 2001 From: white celery Date: Fri, 10 Mar 2023 14:02:56 +0000 Subject: [PATCH 08/12] add cve/sudo/2023/yaml/CVE-2023-26604.yaml. Signed-off-by: white celery --- cve/sudo/2023/yaml/CVE-2023-26604.yaml | 1 + 1 file changed, 1 insertion(+) create mode 100644 cve/sudo/2023/yaml/CVE-2023-26604.yaml diff --git a/cve/sudo/2023/yaml/CVE-2023-26604.yaml b/cve/sudo/2023/yaml/CVE-2023-26604.yaml new file mode 100644 index 00000000..9d07aa0d --- /dev/null +++ b/cve/sudo/2023/yaml/CVE-2023-26604.yaml @@ -0,0 +1 @@ +111 \ No newline at end of file -- Gitee From 9202685237a37d7605d063bd2b7093ce1afa10e0 Mon Sep 17 00:00:00 2001 From: white celery Date: Fri, 10 Mar 2023 14:11:33 +0000 Subject: [PATCH 09/12] update cve/sudo/2023/yaml/CVE-2023-26604.yaml. Signed-off-by: white celery --- cve/sudo/2023/yaml/CVE-2023-26604.yaml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/cve/sudo/2023/yaml/CVE-2023-26604.yaml b/cve/sudo/2023/yaml/CVE-2023-26604.yaml index 9d07aa0d..9593b7d4 100644 --- a/cve/sudo/2023/yaml/CVE-2023-26604.yaml +++ b/cve/sudo/2023/yaml/CVE-2023-26604.yaml @@ -1 +1,20 @@ -111 \ No newline at end of file +id: CVE-2023-26604 +source: https://github.com/Zenmovie/CVE-2023-26604 +info: + name: Sudo 是一个用于类 Unix 计算机操作系统的程序,它能够使用户能够以另一个用户(默认是超级用户)的安全权限运行程序。sudoedit 功能用于以另外一个用户身份编辑文件。 + severity: high + description: + Sudo 受影响版本的 sudoedit 功能存在权限管理不当漏洞,漏洞源于 sudo_edit.c@sudo_edit() 方法未对用户通过“--”参数传入的文件名进行过滤,导致具有 sudoedit 权限的恶意用户可编辑系统中的任意文件。 + scope-of-influence: + sudo@[1.8.0, 1.9.12p2) + references: + - https://nvd.nist.gov/vuln/detail/cve-2023-26604 + classification: + cvss-metrics: None + cvss-score: None + cve-id: CVE-2023-26604 + cwe-id: None + cnvd-id: None + kve-id: None + tags: + - None \ No newline at end of file -- Gitee From 665e0dcb5ec892858b5fe3f8db73b03da5a351df Mon Sep 17 00:00:00 2001 From: white celery Date: Fri, 10 Mar 2023 14:18:17 +0000 Subject: [PATCH 10/12] update cve/sudo/2023/yaml/CVE-2023-26604.yaml. Signed-off-by: white celery --- cve/sudo/2023/yaml/CVE-2023-26604.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cve/sudo/2023/yaml/CVE-2023-26604.yaml b/cve/sudo/2023/yaml/CVE-2023-26604.yaml index 9593b7d4..278a1cec 100644 --- a/cve/sudo/2023/yaml/CVE-2023-26604.yaml +++ b/cve/sudo/2023/yaml/CVE-2023-26604.yaml @@ -1,17 +1,17 @@ id: CVE-2023-26604 source: https://github.com/Zenmovie/CVE-2023-26604 info: - name: Sudo 是一个用于类 Unix 计算机操作系统的程序,它能够使用户能够以另一个用户(默认是超级用户)的安全权限运行程序。sudoedit 功能用于以另外一个用户身份编辑文件。 + name: Sudo 是一个用于类 Unix 计算机操作系统的程序,它能够使用户能够以另一个用户(默认是超级用户)的安全权限运行程序。 severity: high description: - Sudo 受影响版本的 sudoedit 功能存在权限管理不当漏洞,漏洞源于 sudo_edit.c@sudo_edit() 方法未对用户通过“--”参数传入的文件名进行过滤,导致具有 sudoedit 权限的恶意用户可编辑系统中的任意文件。 + 在247之前的systemd不能充分阻止某些Sudo配置的本地特权升级,例如,可能会在其中执行“systemctl status”命令的sudoers文件。具体来说,systemd没有将LESSSECURE设置为1,因此其他程序可能会从less程序启动。当从Sudo运行systemctl时,这会带来很大的安全风险,因为当终端大小太小而无法显示完整的systemctl输出时,less会作为root执行。 scope-of-influence: - sudo@[1.8.0, 1.9.12p2) + None references: - https://nvd.nist.gov/vuln/detail/cve-2023-26604 classification: cvss-metrics: None - cvss-score: None + cvss-score: N/A cve-id: CVE-2023-26604 cwe-id: None cnvd-id: None -- Gitee From b190895bd66e5eb860f9e058564e21cf492b40d7 Mon Sep 17 00:00:00 2001 From: white celery Date: Fri, 10 Mar 2023 14:20:46 +0000 Subject: [PATCH 11/12] update cve/sudo/2023/yaml/CVE-2023-26604.yaml. Signed-off-by: white celery --- cve/sudo/2023/yaml/CVE-2023-26604.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve/sudo/2023/yaml/CVE-2023-26604.yaml b/cve/sudo/2023/yaml/CVE-2023-26604.yaml index 278a1cec..705c1fc6 100644 --- a/cve/sudo/2023/yaml/CVE-2023-26604.yaml +++ b/cve/sudo/2023/yaml/CVE-2023-26604.yaml @@ -17,4 +17,4 @@ info: cnvd-id: None kve-id: None tags: - - None \ No newline at end of file + - 特权升级 \ No newline at end of file -- Gitee From 90fa3216fc37bc3a93d11589401a7a2b17af5384 Mon Sep 17 00:00:00 2001 From: white celery Date: Fri, 10 Mar 2023 14:52:17 +0000 Subject: [PATCH 12/12] =?UTF-8?q?=E6=96=B0=E5=BB=BA=202023?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/gitlab/2023/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/gitlab/2023/.keep diff --git a/cve/gitlab/2023/.keep b/cve/gitlab/2023/.keep new file mode 100644 index 00000000..e69de29b -- Gitee