Git
/
ssh-audit
mirror of https://github.com/jtesta/ssh-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add other security information. Add remote root exploit for Dropbear SSH.

This commit is contained in:
Andris Raugulis 2016-09-08 20:04:48 +03:00
parent 864b5dae85
commit b11018bd7d
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ssh-audit.py
View File

@ -407,6 +407,11 @@ class SSH(object):
['0.28', '0.42', 'CVE-2004-2486', 7.5, 'execute arbitrary code via DSS verification code.'], ['0.28', '0.42', 'CVE-2004-2486', 7.5, 'execute arbitrary code via DSS verification code.'],
] ]
} }
TXT = {
'Dropbear SSH': [
['0.28', '0.34', 'remote root exploit', 'remote format string buffer overflow exploit (exploit-db#387).'],
]
}
class Socket(ReadBuf, WriteBuf): class Socket(ReadBuf, WriteBuf):
SM_BANNER_SENT = 1 SM_BANNER_SENT = 1
@ -834,10 +839,23 @@ def output_security_cve(software, padlen):
out.fail('(cve) {0}{1} -- ({2}) {3}'.format(cve, padding, cvss, descr)) out.fail('(cve) {0}{1} -- ({2}) {3}'.format(cve, padding, cvss, descr))
def output_security_txt(software, padlen):
if software is None or software.product not in SSH.Security.TXT:
return
for line in SSH.Security.TXT[software.product]:
vfrom, vtill = line[0:2]
if not software.version_between(vfrom, vtill):
continue
head, descr = line[2:4]
padding = '' if out.batch else ' ' * (padlen - len(head))
out.fail('(sec) {0}{1} -- {2}'.format(head, padding, descr))
def output_security(banner, padlen): def output_security(banner, padlen):
with OutputBuffer() as obuf: with OutputBuffer() as obuf:
software = SSH.Software.parse(banner) software = SSH.Software.parse(banner)
output_security_cve(software, padlen) output_security_cve(software, padlen)
output_security_txt(software, padlen)
if len(obuf) > 0: if len(obuf) > 0:
out.head('# security') out.head('# security')
obuf.flush() obuf.flush()