diff --git a/modules/exploits/linux/local/runc_cwd_priv_esc.rb b/modules/exploits/linux/local/runc_cwd_priv_esc.rb index 1611d6907ed0..e4638cb0c478 100644 --- a/modules/exploits/linux/local/runc_cwd_priv_esc.rb +++ b/modules/exploits/linux/local/runc_cwd_priv_esc.rb @@ -75,10 +75,6 @@ def base_dir def check sys_info = get_sysinfo - # unless sys_info[:distro] == 'ubuntu' || sys_info[:distro] == 'debian' - # return CheckCode::Safe('Check method only available for Debian/Ubuntu systems') - # end - # Make sure both docker and runc are present unless command_exists?('runc') return CheckCode::Safe('The runc command was not found on this system') @@ -88,27 +84,6 @@ def check return CheckCode::Safe('The docker command was not found on this system') end - # # Check the app is installed and the version, debian based example - # package = cmd_exec('runc --version') - # package = package.split[2] # runc, version, - # - # # Keep sane check for Ubuntu - # if package&.include?('1.1.7-0ubuntu1~22.04.1') || # jammy 22.04 only has 2 releases, .1 (vuln) and .2 - # package&.include?('1.0.0~rc10-0ubuntu1') || # focal only had 1 release prior to patch, 1.1.7-0ubuntu1~20.04.2 is patched - # package&.include?('1.1.7-0ubuntu2') # mantic only had 1 release prior to patch, 1.1.7-0ubuntu2.2 is patched - # return CheckCode::Appears("Vulnerable runc version #{package} detected") - # end - # - # # These tokens break Rex::Version comparisons. - # # Some distro runc packages use them for delimiting. - # bad_tokens = ['+', '~'] - # bad_tokens.each do |token| - # if package.include?(token) - # package = package.split(token).first - # end - # end - # - minimum_version = '1.0.0' version_info = cmd_exec('runc --version') @@ -174,7 +149,7 @@ def check return CheckCode::Appears("Version of runc detected appears to be vulnerable: #{unfiltered_version}.") end - CheckCode::Safe("runc #{package} is not vulnerable") + CheckCode::Safe("runc version #{unfiltered_version} is not vulnerable.") end def exploit