-
Notifications
You must be signed in to change notification settings - Fork 0
/
CVE-2021-3156-checker.py
46 lines (38 loc) · 1.98 KB
/
CVE-2021-3156-checker.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
################################
# Verify your system against #
# CVE-2021-3156 #
# lypd0.com #
################################
import subprocess
def check_sudo_version():
try:
output = subprocess.check_output(['sudo', '--version'], stderr=subprocess.STDOUT)
output = output.decode('utf-8')
for line in output.split('\n'):
if 'Sudo version' in line:
version = line.split()[-1]
return version
except subprocess.CalledProcessError:
return None
def is_vulnerable(version):
vulnerable_versions = ['1.9.5', '1.9.4', '1.9.3', '1.9.2', '1.9.1', '1.9.0', '1.8.31', '1.8.30', '1.8.29', '1.8.28', '1.8.27', '1.8.26', '1.8.25', '1.8.24', '1.8.23', '1.8.22', '1.8.21p2', '1.8.20p2', '1.8.19p2', '1.8.18p1', '1.8.17p1', '1.8.16p1', '1.8.15p2', '1.8.14p3', '1.8.13p1', '1.8.12p2', '1.8.11p2', '1.8.10p3', '1.8.9p5', '1.8.8p5', '1.8.7p2', '1.8.6p7', '1.8.5p2', '1.8.4p5', '1.8.3p2', '1.8.2p1', '1.8.1p2', '1.8.0', '1.7.10']
for v in vulnerable_versions:
if version.startswith(v) and not version.startswith("1.9.5p2"):
return True
return False
def main():
print(" ___ _ _ ____ ___ ___ ___ __ ___ __ ___ _ ")
print(" / __)( \/ )( ___)___(__ \ / _ \(__ \ / )___(__ )/ )| __) / ) ")
print(" ( (__ \ / )__)(___)/ _/( (_) )/ _/ )((___)(_ \ )( |__ \/ _ \ ")
print(" \___) \/ (____) (____)\___/(____)(__) (___/(__)(___/\___/ \n")
sudo_version = check_sudo_version()
if sudo_version:
print(f"[+] Sudo version: {sudo_version}")
if is_vulnerable(sudo_version):
print("[!] Your system is vulnerable to CVE-2021-3156 (Baron Samedit)")
else:
print("[+] Your system is NOT vulnerable to CVE-2021-3156 (Baron Samedit)")
else:
print("[-] Unable to determine sudo version. Please make sure sudo is installed and accessible.")
if __name__ == "__main__":
main()