Aborts with `Both 'src-url' and 'exploit-db' entries are empty for '\e[1;32m[CVE-2019-15666]\e[0m XFRM_UAF' exploit - fix that. Aborting.`
xtaran opened this issue · 4 comments
xtaran commented
I just cloned the git repository (as of HEAD at commit 65589f8) and the script seems to abort inmidst execution as follows on an up-to-date RHEL7, rebooted into the most recent kernel:
$ ./linux-exploit-suggester.sh
Available information:
Kernel version: 3.10.0
Architecture: x86_64
Distribution: RHEL
Distribution version: 7.8
Additional checks (CONFIG_*, sysctl entries, custom Bash commands): performed
Package listing: from current OS
Searching among:
74 kernel space exploits
45 user space exploits
Possible Exploits:
[…]
[+] [CVE-2019-18634] sudo pwfeedback
Details: https://dylankatz.com/Analysis-of-CVE-2019-18634/
Exposure: less probable
Tags: mint=19
Download URL: https://github.com/saleemrashid/sudo-cve-2019-18634/raw/master/exploit.c
Comments: sudo configuration requires pwfeedback to be enabled.
Both 'src-url' and 'exploit-db' entries are empty for '\e[1;32m[CVE-2019-15666]\e[0m XFRM_UAF' exploit - fix that. Aborting.
So it seems as if the software expects some constrains which the internal database entry for CVE-2019-15666 can't fulfill.
(The unparsed ANSI sequences show up on the terminal as above — uninterpreted. Not sure if this is on purpose.)
d0gkiller87 commented
Same here. $ uname -a
Linux 4d694cb04133 4.15.0-106-generic #107-Ubuntu SMP Thu Jun 4 11:27:52 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux