Merge branch 'runc_priv_esc' of github.com:SickMcNugget/metasploit-fr…

…amework into runc_priv_esc
rapid7 · Mar 11, 2024 · 67fcd57 · 67fcd57
2 parents 6c1b4c1 + 8ce9500
commit 67fcd57
Showing 1 changed file with 1 addition and 26 deletions.
diff --git a/modules/exploits/linux/local/runc_cwd_priv_esc.rb b/modules/exploits/linux/local/runc_cwd_priv_esc.rb
@@ -75,10 +75,6 @@ def base_dir
   def check
     sys_info = get_sysinfo
 
-    # unless sys_info[:distro] == 'ubuntu' || sys_info[:distro] == 'debian'
-    #   return CheckCode::Safe('Check method only available for Debian/Ubuntu systems')
-    # end
-
     # Make sure both docker and runc are present
     unless command_exists?('runc')
       return CheckCode::Safe('The runc command was not found on this system')
@@ -88,27 +84,6 @@ def check
       return CheckCode::Safe('The docker command was not found on this system')
     end
 
-    # # Check the app is installed and the version, debian based example
-    # package = cmd_exec('runc --version')
-    # package = package.split[2] # runc, version, <the actual version>
-    #
-    # # Keep sane check for Ubuntu
-    # if package&.include?('1.1.7-0ubuntu1~22.04.1') || # jammy 22.04 only has 2 releases, .1 (vuln) and .2
-    #    package&.include?('1.0.0~rc10-0ubuntu1') || # focal only had 1 release prior to patch, 1.1.7-0ubuntu1~20.04.2 is patched
-    #    package&.include?('1.1.7-0ubuntu2') # mantic only had 1 release prior to patch, 1.1.7-0ubuntu2.2 is patched
-    #   return CheckCode::Appears("Vulnerable runc version #{package} detected")
-    # end
-    #
-    # # These tokens break Rex::Version comparisons.
-    # # Some distro runc packages use them for delimiting.
-    # bad_tokens = ['+', '~']
-    # bad_tokens.each do |token|
-    #   if package.include?(token)
-    #     package = package.split(token).first
-    #   end
-    # end
-    #
-
     minimum_version = '1.0.0'
     version_info = cmd_exec('runc --version')
 
@@ -174,7 +149,7 @@ def check
       return CheckCode::Appears("Version of runc detected appears to be vulnerable: #{unfiltered_version}.")
     end
 
-    CheckCode::Safe("runc #{package} is not vulnerable")
+    CheckCode::Safe("runc version #{unfiltered_version} is not vulnerable.")
   end
 
   def exploit