Kali linux kernel9/19/2023 ![]() The reason Nessus flags this as a vulnerability is because there is a social engineering attack within OpenSSH called “Double Free” which requires a user to connect to a malicious SSH server where an attacker has root privileges the attacler can then send specially crafted data to gain code execution. This leaves us with one major vulnerability left an outdated version of OpenSSH. One of which is a misreport – According to this article (Referenced by Nessus) we can manually validate this finding as a privileged user by checking /sys/devices/system/cpu/vulnerabilities/mdsĪnd we can see that our device is not vulnerable. There were a grand total of two major vulnerabilities found. In about 5 minutes, the scan should have finished and we’re ready to review the data returned. The user account will be named “banana” and will have the password of “banana” Now lets try a low privileged internal scan by enabling SSH and giving Nessus a set of credentials. I wouldn’t quite qualify any of these as an actual vulnerability. The difference between the local and remote clocks is -20 seconds. In about 10 minutes, the scan will finish and you will likely recieve something pretty similar to what I did – No major vulnerabilities that Tenable advises you patch:Ī grand total of 4 Informational level “Vulnerabilities” were identified: Now that the scan is setup, we can run the scan by pressing “Save” and clicking on the “Play” button. The next sections going to contain a number of screenshots that displays the Nessus Scan Config so anyone reading can replicate it. Next up, we’re going to run a remote scan on our 2021.2 Kali box. If an attacker manages to find a vulnerability 2 hours into a UDP port scan, they can have it. No scan seemed to matter here, moving onto UDP:Īfter I published this, the UDP scan was still running. Pivoting over to my Kali machine that I use for daily ops, lets start with a couple nmap scans, we’ll do a Full TCP Connect, Syn Stealth, and a X-mas scan: If you would like to review the LinPEAS output, you can do so here Remote Scanning The only minor thing is the user you create will be in the Sudoers group, so you should choose a strong password. So at first glance, there isn’t any huge vulnerabilities that you may be able to leverage to gain root access. ![]() The only other big thing that jumps out here is the Kismet binaries, which are advised to be configured as SUID binaries: Versions 1.9.5.p1 and lower are vulnerable. Sudo is the interesting one here as recently the Sudoedit Bufferoverflow exploit came out, however, Kali 2021.2 is not vulnerable: Next up is Cronjobs, a few interesting jobs exist, however, none of them have RWX permissions for any user other than root, so we’re all good on that front. The first major category here is Processes no running root processes jump out to me. We’re also going to use LinPEAS as quick way to audit potential vulnerabilities that will allow us to elevate privileges. This can be verified in Wireshark as well: The only recorded service running on my Kali device was DHCP which was communicating with my Router to prevent the DHCP lease from expiring. In terms of running network services, very little exist. So in terms of Kernel exploits, very little exploits publicly exist. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94. None of these vulnerabilities pose a major risk that effect the Kali kernel, and to be honest, the only high severity vulnerability targeted for 5.10 is actually mislabeled and is meant for 5.9.3:Īn issue was discovered in the Linux kernel before 5.9.3. In terms of vulnerabilities for version 5.10 of the Linux Kernel, there’s about 7 or so, not all of which exist in the final version of the 5.10 of the Kernel. See here for what Kali Version has which kernel. Traditionally, Offensive Security updates the Kali kernel on their quarterly releases. The kernel running is 5.10.40-1kali1 which is dated by about 6 months, however, on the next major release, we should expect another minor kernel upgrade. In terms of the specific Kernel/OS Version, let’s take a look: ![]() To me, it seems like most of these packages would likely be upgraded for security purposes. Apt apt-utils bash distro-info-data exploitdb firefox-esr firmware-sof-signed libapt-pkg6.0 libgnutls30 libhdf5-103-1 libhdf5-hl-100 libogdi4.1 libpfm4 libxnvctrl0 metasploit-framework mimikatz passing-the-hash rebind spooftooph voiphopper
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |