guard Rex::Version.new against crashes on local modules

h00die · h00die · commit ae5f0e8689ed · 2025-01-17T16:10:23.000-05:00
diff --git a/modules/exploits/example_linux_priv_esc.rb b/modules/exploits/example_linux_priv_esc.rb
@@ -97,18 +97,24 @@ def base_dir
 
   def check
     # Check the kernel version to see if its in a vulnerable range
+    # we guard this because some distros have funky kernel versions https://github.com/rapid7/metasploit-framework/issues/19812
     release = kernel_release
-    if Rex::Version.new(release.split('-').first) > Rex::Version.new('4.14.11') ||
-       Rex::Version.new(release.split('-').first) < Rex::Version.new('4.0')
-      return CheckCode::Safe("Kernel version #{release} is not vulnerable")
+    begin
+      if Rex::Version.new(release.split('-').first) > Rex::Version.new('4.14.11') ||
+         Rex::Version.new(release.split('-').first) < Rex::Version.new('4.0')
+        return CheckCode::Safe("Kernel version #{release} is not vulnerable")
+      end
+    rescue ArgumentError => e
+      return CheckCode::Safe("Error determining or processing kernel release (#{release}) into known format: #{e}")
     end
     vprint_good "Kernel version #{release} appears to be vulnerable"
 
     # Check the app is installed and the version, debian based example
     package = cmd_exec('dpkg -l example | grep \'^ii\'')
     if package&.include?('1:2015.3.14AR.1-1build1')
-      CheckCode::Appears("Vulnerable app version #{package} detected")
+      return CheckCode::Appears("Vulnerable app version #{package} detected")
     end
+
     CheckCode::Safe("app #{package} is not vulnerable")
   end
 
diff --git a/modules/exploits/linux/local/docker_cgroup_escape.rb b/modules/exploits/linux/local/docker_cgroup_escape.rb
@@ -83,13 +83,17 @@ def check
     print_status('Unable to determine host OS, this check method is unlikely to be accurate if the host isn\'t Ubuntu')
     release = kernel_release
     # https://people.canonical.com/~ubuntu-security/cve/2022/CVE-2022-0492
-    release_short = Rex::Version.new(release.split('-').first)
-    release_long = Rex::Version.new(release.split('-')[0..1].join('-'))
-    if release_short >= Rex::Version.new('5.13.0') && release_long < Rex::Version.new('5.13.0-37.42') || # Ubuntu 21.10
-       release_short >= Rex::Version.new('5.4.0') && release_long < Rex::Version.new('5.4.0-105.119') || # Ubuntu 20.04 LTS
-       release_short >= Rex::Version.new('4.15.0') && release_long < Rex::Version.new('4.15.0-173.182') || # Ubuntu 18.04 LTS
-       release_short >= Rex::Version.new('4.4.0') && release_long < Rex::Version.new('4.4.0-222.255') # Ubuntu 16.04 ESM
-      return CheckCode::Vulnerable("IF host OS is Ubuntu, kernel version #{release} is vulnerable")
+    begin
+      release_short = Rex::Version.new(release.split('-').first)
+      release_long = Rex::Version.new(release.split('-')[0..1].join('-'))
+      if release_short >= Rex::Version.new('5.13.0') && release_long < Rex::Version.new('5.13.0-37.42') || # Ubuntu 21.10
+         release_short >= Rex::Version.new('5.4.0') && release_long < Rex::Version.new('5.4.0-105.119') || # Ubuntu 20.04 LTS
+         release_short >= Rex::Version.new('4.15.0') && release_long < Rex::Version.new('4.15.0-173.182') || # Ubuntu 18.04 LTS
+         release_short >= Rex::Version.new('4.4.0') && release_long < Rex::Version.new('4.4.0-222.255') # Ubuntu 16.04 ESM
+        return CheckCode::Vulnerable("IF host OS is Ubuntu, kernel version #{release} is vulnerable")
+      end
+    rescue ArgumentError => e
+      return CheckCode::Safe("Error determining or processing kernel release (#{release}) into known format: #{e}")
     end
 
     CheckCode::Safe("Kernel version #{release} may not be vulnerable depending on the host OS")
diff --git a/modules/exploits/linux/local/tomcat_ubuntu_log_init_priv_esc.rb b/modules/exploits/linux/local/tomcat_ubuntu_log_init_priv_esc.rb
@@ -93,7 +93,11 @@ def check
     # 0 is ii for installed
     # 1 is tomcat# for package name
     # 2 is version number
-    package = Rex::Version.new(package[2])
+    begin
+      package = Rex::Version.new(package[2])
+    rescue ArgumentError => e
+      return CheckCode::Safe("Error processing Tomcat version (#{package[2]}) into known format: #{e}")
+    end
 
     if (package.to_s.start_with?('8') && package < Rex::Version.new('8.0.32-1ubuntu1.2')) ||
        (package.to_s.start_with?('7') && package < Rex::Version.new('7.0.52-1ubuntu0.7')) ||
diff --git a/modules/exploits/linux/local/vmwgfx_fd_priv_esc.rb b/modules/exploits/linux/local/vmwgfx_fd_priv_esc.rb
@@ -74,9 +74,13 @@ def base_dir
   def check
     # Check the kernel version to see if its in a vulnerable range
     release = kernel_release
-    unless Rex::Version.new(release) > Rex::Version.new('4.14-rc1') &&
-           Rex::Version.new(release) < Rex::Version.new('5.17-rc1')
-      return CheckCode::Safe("Kernel version #{release} is not vulnerable")
+    begin
+      unless Rex::Version.new(release) > Rex::Version.new('4.14-rc1') &&
+             Rex::Version.new(release) < Rex::Version.new('5.17-rc1')
+        return CheckCode::Safe("Kernel version #{release} is not vulnerable")
+      end
+    rescue ArgumentError => e
+      return CheckCode::Safe("Error determining or processing kernel release (#{release}) into known format: #{e}")
     end
 
     vprint_good "Kernel version #{release} appears to be vulnerable"
