# CVE-2024-3094 Detection
# Date: 31/03/2024
# Author: Yuma-Tsushima07
# Ref: https://nvd.nist.gov/vuln/detail/CVE-2024-3094
# Ref: https://github.com/advisories/GHSA-rxwq-x6h5-x525
import hashlib
import os
import subprocess
import sys
import tarfile

import requests
# xz-utils versions this tool treats as affected by CVE-2024-3094 (see header refs).
VULNERABLE_VERSIONS = ["5.6.0", "5.6.1"]

# Release the remediation path downloads and builds.
STABLE_VERSION = "5.4.6"
STABLE_VERSION_URL = (
    "https://github.com/tukaani/xz/releases/download/"
    + "v" + STABLE_VERSION + "/xz-" + STABLE_VERSION + ".tar.gz"
)

# ANSI SGR escape sequences used to colour terminal output.
GREEN = "\x1b[92m"  # bright green
RED = "\x1b[91m"    # bright red
ENDC = "\x1b[0m"    # reset attributes
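def install_stable_xz(expected_sha256=None):
    """Download, build and install xz STABLE_VERSION from STABLE_VERSION_URL.

    Args:
        expected_sha256: optional hex SHA-256 digest of the release tarball,
            taken from the upstream release page or your distribution's
            advisory. When given, the download is rejected if its digest
            differs. When None, the tarball is accepted as served, i.e. the
            TLS connection to GitHub is the only integrity check.

    Side effects: writes ``xz-{STABLE_VERSION}.tar.gz`` into the current
    directory, extracts it there, and runs ``./configure``, ``make`` and
    ``sudo make install`` inside the extracted source directory (passed via
    ``cwd=``, so the caller's working directory is not changed). Any failure
    -- download error, digest mismatch, extraction error, or a non-zero exit
    from any build step -- prints an error and exits with status 1.
    """
    tarball = f"xz-{STABLE_VERSION}.tar.gz"
    # Assumes the archive's top-level directory is xz-{STABLE_VERSION}, as the
    # original code did; verify against the release layout if the URL changes.
    source_dir = f"xz-{STABLE_VERSION}"
    print(f"Downloading xz version {STABLE_VERSION} from {STABLE_VERSION_URL}...")
    try:
        # A bounded timeout keeps a stalled connection from hanging the run.
        response = requests.get(STABLE_VERSION_URL, timeout=60)
        response.raise_for_status()
        content = response.content
        if expected_sha256 is not None:
            actual_sha256 = hashlib.sha256(content).hexdigest()
            if actual_sha256.lower() != expected_sha256.lower():
                raise ValueError(
                    f"SHA-256 mismatch for {tarball}: "
                    f"expected {expected_sha256}, got {actual_sha256}"
                )
        with open(tarball, "wb") as f:
            f.write(content)
        print(f"Extracting {tarball}...")
        with tarfile.open(tarball, "r:gz") as tar:
            # The "data" extraction filter (Python 3.12+, also in the security
            # backports) rejects members that would escape the destination or
            # carry unsafe modes/links; older interpreters fall back to the
            # unfiltered extractall().
            if hasattr(tarfile, "data_filter"):
                tar.extractall(filter="data")
            else:
                tar.extractall()
        print(f"Compiling and installing xz version {STABLE_VERSION}...")
        # check=True: a failed configure or make must not be followed by a
        # privileged install of whatever is left in the build tree.
        for cmd in (["./configure"], ["make"], ["sudo", "make", "install"]):
            subprocess.run(cmd, cwd=source_dir, check=True)
        print(f"{GREEN}xz version {STABLE_VERSION} installed successfully.{ENDC}")
    except Exception as e:
        # Top-level boundary for the remediation path: report and exit non-zero.
        print(f"{RED}Installation failed. Error: {e}{ENDC}")
        sys.exit(1)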
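def _parse_xz_version(version_output):
    """Return the version token from ``xz --version`` output.

    The version is taken as the last whitespace-separated token of the first
    line (e.g. ``xz (XZ Utils) 5.4.6`` -> ``5.4.6``), matching the original
    parsing. Raises ValueError when the output has no parsable first line.
    """
    lines = version_output.splitlines()
    tokens = lines[0].split() if lines else []
    if not tokens:
        raise ValueError("could not parse the output of 'xz --version'")
    return tokens[-1]


def check_vulnerability():
    """Report whether the installed xz-utils version is listed for CVE-2024-3094.

    Runs ``xz --version``, compares the reported version against
    VULNERABLE_VERSIONS and, on a match, offers to run install_stable_xz().
    This is a version-string heuristic only: it does not inspect liblzma or
    distinguish a distribution's patched build from an affected one, so a
    "not vulnerable" result should be confirmed against your distribution's
    advisory.

    Exits with status 0 when the ``xz`` binary is absent, with status 1 when
    remediation is declined or any error occurs; returns None otherwise.
    """
    try:
        # check=True turns a non-zero exit from xz into an error instead of
        # parsing whatever (possibly empty) output it produced.
        result = subprocess.run(
            ["xz", "--version"], capture_output=True, text=True, check=True
        )
        xz_version = _parse_xz_version(result.stdout)
        print(f"Detected xz-utils version: {xz_version}")
        if xz_version in VULNERABLE_VERSIONS:
            print(f"{RED}WARNING: Your system is vulnerable to CVE-2024-3094 with xz-utils version {xz_version} installed.{ENDC}")
            # The original prompt lacked the f prefix and showed the literal
            # text "{STABLE_VERSION}" to the user.
            response = input(f"Would you like to ensure xz is at the stable version {STABLE_VERSION}? (yes/no): ")
            if response.strip().lower() == "yes":
                install_stable_xz()
            else:
                print(f"{RED}Manual intervention required. Please ensure your system's xz-utils is at version {STABLE_VERSION}.{ENDC}")
                sys.exit(1)
        else:
            # Any version not in the list; the original's elif re-tested the
            # same membership and was always true here.
            print(f"{GREEN}Your system does not appear to be vulnerable to CVE-2024-3094 based on the installed xz-utils version.{ENDC}")
    except FileNotFoundError:
        # NOTE(review): this reflects only the absence of the xz CLI; liblzma
        # may still be installed separately -- confirm via the package manager.
        print("xz-utils is not installed. Your system is not vulnerable to CVE-2024-3094.")
        sys.exit(0)
    except Exception as e:
        # Top-level boundary: parse errors, a failing xz, or a failed prompt.
        print(f"{RED}Error: {e}{ENDC}")
        sys.exit(1)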
if __name__ == "__main__":
    # Script entry point; importing the module runs no check.
    check_vulnerability()