automatic module_metadata_base.json update

2023-01-30 16:43:35 -06:00 · 2023-01-30 16:43:35 -06:00 · 42004c07bc
parent 433099e539
commit 42004c07bc
1 changed files with 38 additions and 7 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -98007,7 +98007,7 @@
      "h00die <mike@stcyrsecurity.com>",
      "KotCzarny"
    ],
-    "description": "This module attempts to exploit a debug backdoor privilege escalation in\n          Allwinner SoC based devices.\n          Vulnerable Allwinner SoC chips: H3, A83T or H8 which rely on Kernel 3.4\n          Vulnerable OS: all OS images available for Orange Pis,\n                         any for FriendlyARM's NanoPi M1,\n                         SinoVoip's M2+ and M3,\n                         Cuebietech's Cubietruck +\n                         Linksprite's pcDuino8 Uno\n          Exploitation may be possible against Dragon (x10) and Allwinner Android tablets",
+    "description": "This module attempts to exploit a debug backdoor privilege escalation in\n          Allwinner SoC based devices.\n\n          Vulnerable Allwinner SoC chips: H3, A83T or H8 which rely on Kernel 3.4.\n\n          Vulnerable OS: all OS images available for Orange Pis,\n          any for FriendlyARM's NanoPi M1,\n          SinoVoip's M2+ and M3,\n          Cuebietech's Cubietruck +\n          Linksprite's pcDuino8 Uno.\n          Exploitation may be possible against Dragon (x10) and Allwinner Android tablets.",
    "references": [
      "CVE-2016-10225",
      "URL-http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/",
@ -98026,7 +98026,7 @@
    "targets": [
      "Auto"
    ],
-    "mod_time": "2020-10-02 17:38:06 +0000",
+    "mod_time": "2023-01-28 15:02:24 +0000",
    "path": "/modules/exploits/multi/local/allwinner_backdoor.rb",
    "is_install_path": true,
    "ref_name": "multi/local/allwinner_backdoor",
@ -98034,6 +98034,15 @@
    "post_auth": false,
    "default_credential": false,
    "notes": {
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk"
+      ]
    },
    "session_types": [
      "shell",
@ -98055,7 +98064,7 @@
      "Romain Trouve",
      "bcoles <bcoles@gmail.com>"
    ],
-    "description": "This module attempts to gain root privileges on systems running\n        MagniComp SysInfo versions prior to 10-H64.\n\n        The .mcsiwrapper suid executable allows loading a config file using the\n        '--configfile' argument. The 'ExecPath' config directive is used to set\n        the executable load path. This module abuses this functionality to set\n        the load path resulting in execution of arbitrary code as root.\n\n        This module has been tested successfully with SysInfo version\n        10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on\n        Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.",
+    "description": "This module attempts to gain root privileges on systems running\n          MagniComp SysInfo versions prior to 10-H64.\n\n          The .mcsiwrapper suid executable allows loading a config file using the\n          '--configfile' argument. The 'ExecPath' config directive is used to set\n          the executable load path. This module abuses this functionality to set\n          the load path resulting in execution of arbitrary code as root.\n\n          This module has been tested successfully with SysInfo version\n          10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on\n          Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.",
    "references": [
      "CVE-2017-6516",
      "BID-96934",
@ -98077,7 +98086,7 @@
      "Solaris",
      "Linux"
    ],
-    "mod_time": "2021-02-17 12:33:59 +0000",
+    "mod_time": "2023-01-28 15:02:24 +0000",
    "path": "/modules/exploits/multi/local/magnicomp_sysinfo_mcsiwrapper_priv_esc.rb",
    "is_install_path": true,
    "ref_name": "multi/local/magnicomp_sysinfo_mcsiwrapper_priv_esc",
@ -98090,6 +98099,9 @@
      ],
      "Stability": [
        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk"
      ]
    },
    "session_types": [
@ -98195,7 +98207,7 @@
      "Linux x64",
      "Linux x86"
    ],
-    "mod_time": "2021-10-06 13:43:31 +0000",
+    "mod_time": "2023-01-28 15:02:24 +0000",
    "path": "/modules/exploits/multi/local/xorg_x11_suid_server.rb",
    "is_install_path": true,
    "ref_name": "multi/local/xorg_x11_suid_server",
@ -98203,6 +98215,16 @@
    "post_auth": false,
    "default_credential": false,
    "notes": {
+      "Reliability": [
+        "unreliable-session"
+      ],
+      "Stability": [
+        "crash-service-down"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "config-changes"
+      ]
    },
    "session_types": [
      "shell",
@ -98223,7 +98245,7 @@
      "Narendra Shinde",
      "Aaron Ringo"
    ],
-    "description": "This module attempts to gain root privileges with SUID Xorg X11 server\n        versions 1.19.0 < 1.20.3.\n\n        A permission check flaw exists for -modulepath and -logfile options when\n        starting Xorg.  This allows unprivileged users that can start the server\n        the ability to elevate privileges and run arbitrary code under root\n        privileges.\n\n        This module has been tested with CentOS 7 (1708).\n        CentOS default install will require console auth for the users session.\n        Xorg must have SUID permissions and may not start if running.\n\n        On successful exploitation artifacts will be created consistant\n        with starting Xorg.",
+    "description": "This module attempts to gain root privileges with SUID Xorg X11 server\n          versions 1.19.0 < 1.20.3.\n\n          A permission check flaw exists for -modulepath and -logfile options when\n          starting Xorg.  This allows unprivileged users that can start the server\n          the ability to elevate privileges and run arbitrary code under root\n          privileges.\n\n          This module has been tested with CentOS 7 (1708).\n          CentOS default install will require console auth for the users session.\n          Xorg must have SUID permissions and may not start if running.\n\n          On successful exploitation artifacts will be created consistant\n          with starting Xorg.",
    "references": [
      "CVE-2018-14665",
      "BID-105741",
@ -98247,7 +98269,7 @@
      "Solaris x86",
      "Solaris x64"
    ],
-    "mod_time": "2021-02-17 12:33:59 +0000",
+    "mod_time": "2023-01-28 15:02:24 +0000",
    "path": "/modules/exploits/multi/local/xorg_x11_suid_server_modulepath.rb",
    "is_install_path": true,
    "ref_name": "multi/local/xorg_x11_suid_server_modulepath",
@ -98255,6 +98277,15 @@
    "post_auth": false,
    "default_credential": false,
    "notes": {
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "Stability": [
+        "crash-service-down"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk"
+      ]
    },
    "session_types": [
      "shell",