version 1.1 released

mzet- · mzet- · commit 2edd5973f07c · 2020-01-07T15:43:41.000+01:00
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,4 +1,52 @@
 
+linux-exploit-suggester.sh v1.1 [2020-01-07]
+
+o Add more reliable DISTRO version detection (based on /etc/*-release files)
+
+o Added following exploits:
+
+  + add SystemTap exploit (CVE-2010-4170) (#46) [bcoles]
+
+  + add abrt/sosreport-rhel7 exploit (#48) [bcoles]
+
+  + add Return of the WIZard (exim) (CVE-2019-10149) (#54) [bcoles]
+
+  + Add Serv-U FTP Server exploit (CVE-2019-12181) (#58) [bcoles]
+
+  + Add PTRACE_TRACEME (CVE-2019-13272) (#61) [bcoles]
+
+  + Add ktsuss (CVE-2011-2921) (#62) [bcoles]
+
+  + Add rds_atomic_free_op NULL pointer dereference (CVE-2018-5333) (#67) [bcoles]
+
+  + Add GNU Mailutils maidag url local root (CVE-2019-18862) (#69) [bcoles]
+
+o Added following '--checksec' mode improvements:
+
+  + add detection for kernel.yama.ptrace_scope (#49) [bcoles]
+
+o Rewritten README.md. Displaying exposure (calculted based on rank) instead of raw numeric rank
+
+o '--uname' mode improvement: do tagging and rank calculation also
+    when LES is run with '--uname' switch. uname string contains
+    distro name so we're bumping rank (+1) for each exploit that is
+    known run on given distro. Also rank is bumped when there is
+    kernel version match (+3).
+
+o Refinements for following exploits:
+
+  + add ntfs-3g version check: pkg=ntfs-3g,ver<2017.4 (#50) [bcoles]
+
+  + update tested package versions for raceabrt (#47) [bcoles]
+
+  + add udev version check pkg=udev,ver<141 (#51) [bcoles]
+
+  + RationalLove fix: libc package is named 'libc6' on Debian/Ubuntu
+
+  + Add nginx version check: pkg=nginx|nginx-full,ver<1.10.3 (#57) [bcoles]
+
+  + rds_atomic_free_op exploit: update targets
+
 linux-exploit-suggester.sh v1.0 [2019-03-01]
 
 o Added additional 'Tags' for multiple exploits based on:
diff --git a/linux-exploit-suggester.sh b/linux-exploit-suggester.sh
@@ -1,15 +1,15 @@
 #!/bin/bash
 
 #
-# Copyright (c) 2016-2019, mzet
+# Copyright (c) 2016-2020, @_mzet_
 #
 # linux-exploit-suggester.sh comes with ABSOLUTELY NO WARRANTY.
 # This is free software, and you are welcome to redistribute it
 # under the terms of the GNU General Public License. See LICENSE
 # file for usage of this software.
 #
 
-VERSION=v1.0
+VERSION=v1.1
 
 # bash colors
 #txtred="\e[0;31m"

Original file line number	Diff line number	Diff line change
`@@ -1,15 +1,15 @@`
`1`	`1`	`#!/bin/bash`
`2`	`2`
`3`	`3`	`#`
`4`		`-# Copyright (c) 2016-2019, mzet`
	`4`	`+# Copyright (c) 2016-2020, @_mzet_`
`5`	`5`	`#`
`6`	`6`	`# linux-exploit-suggester.sh comes with ABSOLUTELY NO WARRANTY.`
`7`	`7`	`# This is free software, and you are welcome to redistribute it`
`8`	`8`	`# under the terms of the GNU General Public License. See LICENSE`
`9`	`9`	`# file for usage of this software.`
`10`	`10`	`#`
`11`	`11`
`12`		`-VERSION=v1.0`
	`12`	`+VERSION=v1.1`
`13`	`13`
`14`	`14`	`# bash colors`
`15`	`15`	`#txtred="\e[0;31m"`