version 1.1 released

xxm3 · Jan 7, 2020 · 2edd597 · 2edd597
1 parent d95305f
commit 2edd597
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 2 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,4 +1,52 @@
 
+linux-exploit-suggester.sh v1.1 [2020-01-07]
+
+o Add more reliable DISTRO version detection (based on /etc/*-release files)
+
+o Added following exploits:
+
+  + add SystemTap exploit (CVE-2010-4170) (#46) [bcoles]
+
+  + add abrt/sosreport-rhel7 exploit (#48) [bcoles]
+
+  + add Return of the WIZard (exim) (CVE-2019-10149) (#54) [bcoles]
+
+  + Add Serv-U FTP Server exploit (CVE-2019-12181) (#58) [bcoles]
+
+  + Add PTRACE_TRACEME (CVE-2019-13272) (#61) [bcoles]
+
+  + Add ktsuss (CVE-2011-2921) (#62) [bcoles]
+
+  + Add rds_atomic_free_op NULL pointer dereference (CVE-2018-5333) (#67) [bcoles]
+
+  + Add GNU Mailutils maidag url local root (CVE-2019-18862) (#69) [bcoles]
+
+o Added following '--checksec' mode improvements:
+
+  + add detection for kernel.yama.ptrace_scope (#49) [bcoles]
+
+o Rewritten README.md. Displaying exposure (calculted based on rank) instead of raw numeric rank
+
+o '--uname' mode improvement: do tagging and rank calculation also
+    when LES is run with '--uname' switch. uname string contains
+    distro name so we're bumping rank (+1) for each exploit that is
+    known run on given distro. Also rank is bumped when there is
+    kernel version match (+3).
+
+o Refinements for following exploits:
+
+  + add ntfs-3g version check: pkg=ntfs-3g,ver<2017.4 (#50) [bcoles]
+
+  + update tested package versions for raceabrt (#47) [bcoles]
+
+  + add udev version check pkg=udev,ver<141 (#51) [bcoles]
+
+  + RationalLove fix: libc package is named 'libc6' on Debian/Ubuntu
+
+  + Add nginx version check: pkg=nginx|nginx-full,ver<1.10.3 (#57) [bcoles]
+
+  + rds_atomic_free_op exploit: update targets
+
 linux-exploit-suggester.sh v1.0 [2019-03-01]
 
 o Added additional 'Tags' for multiple exploits based on:

diff --git a/linux-exploit-suggester.sh b/linux-exploit-suggester.sh
@@ -1,15 +1,15 @@
 #!/bin/bash
 
 #
-# Copyright (c) 2016-2019, mzet
+# Copyright (c) 2016-2020, @_mzet_
 #
 # linux-exploit-suggester.sh comes with ABSOLUTELY NO WARRANTY.
 # This is free software, and you are welcome to redistribute it
 # under the terms of the GNU General Public License. See LICENSE
 # file for usage of this software.
 #
 
-VERSION=v1.0
+VERSION=v1.1
 
 # bash colors
 #txtred="\e[0;31m"