author | ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> | 2020-03-30 09:24:26 +0900 |
---|---|---|
committer | ToshikazuOhiwa <toshikazu_ohiwa@mail.toyota.co.jp> | 2020-03-30 09:24:26 +0900 |
commit | 5b80bfd7bffd4c20d80b7c70a7130529e9a755dd (patch) | |
tree | b4bb18dcd1487dbf1ea8127e5671b7bb2eded033 /external/meta-security/recipes-security/nikto | |
parent | 706ad73eb02caf8532deaf5d38995bd258725cb8 (diff) |
agl-basesystem
Diffstat (limited to 'external/meta-security/recipes-security/nikto')
3 files changed, 250 insertions, 0 deletions
diff --git a/external/meta-security/recipes-security/nikto/files/CVE-2018-11652.patch b/external/meta-security/recipes-security/nikto/files/CVE-2018-11652.patch
new file mode 100644
index 00000000..5ddb1692
--- /dev/null
+++ b/external/meta-security/recipes-security/nikto/files/CVE-2018-11652.patch
@@ -0,0 +1,106 @@
+From e759b3300aace5314fe3d30800c8bd83c81c29f7 Mon Sep 17 00:00:00 2001
+From: sullo <sullo@cirt.net>
+Date: Thu, 31 May 2018 23:30:03 -0400
+Subject: [PATCH] Fix CSV injection issue if server responds with a malicious
+ Server string & CSV output is opened in Excel or other spreadsheet app.
+ Potentially malicious cell start characters are now prefaced with a ' mark.
+ Thanks to Adam (@bytesoverbombs) for letting me know!
+
+Also fixed a crash in the outdated plugin if the $sepr field ends up being something that triggers a panic in split().
+
+CVE: CVE-2018-11652
+Upstream-Status: Backport
+Signed-off-by: Nagalakshmi Veeramallu <nveeramallu@mvista.com>
+---
+ plugins/nikto_outdated.plugin | 2 +-
+ plugins/nikto_report_csv.plugin | 42 +++++++++++++++++++++++++++++------------
+ 2 files changed, 31 insertions(+), 13 deletions(-)
+
+diff --git a/plugins/nikto_outdated.plugin b/plugins/nikto_outdated.plugin
+index 72379cc..eb1d889 100644
+--- a/plugins/nikto_outdated.plugin
++++ b/plugins/nikto_outdated.plugin
+@@ -83,7 +83,7 @@ sub nikto_outdated {
+ $sepr = substr($sepr, (length($sepr) - 1), 1);
+
+ # break up ID string on $sepr
+- my @T = split(/$sepr/, $mark->{'banner'});
++ my @T = split(/\\$sepr/, $mark->{'banner'});
+
+ # assume last is version...
+ for ($i = 0 ; $i < $#T ; $i++) { $MATCHSTRING .= "$T[$i] "; }
+diff --git a/plugins/nikto_report_csv.plugin b/plugins/nikto_report_csv.plugin
+index d13acab..b942e78 100644
+--- a/plugins/nikto_report_csv.plugin
++++ b/plugins/nikto_report_csv.plugin
+@@ -52,10 +52,12 @@ sub csv_open {
+ sub csv_host_start {
+ my ($handle, $mark) = @_;
+ $mark->{'banner'} =~ s/"/\\"/g;
+- print OUT "\"$mark->{'hostname'}\","
+- . "\"$mark->{'ip'}\","
+- . "\"$mark->{'port'}\"," . "\"\"," . "\"\"," . "\"\","
+- . "\"$mark->{'banner'}\"\n";
++ print $handle "\"" . csv_safecell($hostname) . "\","
++ . "\"" . csv_safecell($mark->{'ip'}) . "\","
++ . "\"" . csv_safecell($mark->{'port'}) . "\"," . "\"\"," . "\"\"," . "\"\","
++ #. "\"" . $mark->{'banner'} . "\"\n";
++ . "\"" . csv_safecell($mark->{'banner'}) . "\"\n";
++
+ return;
+ }
+
+@@ -65,26 +67,42 @@ sub csv_item {
+ my ($handle, $mark, $item) = @_;
+ foreach my $uri (split(' ', $item->{'uri'})) {
+ my $line = '';
+- $line .= "\"$item->{'mark'}->{'hostname'}\",";
+- $line .= "\"$item->{'mark'}->{'ip'}\",";
+- $line .= "\"$item->{'mark'}->{'port'}\",";
++ $line .= "\"" . csv_safecell($hostname) . "\",";
++ $line .= "\"" . csv_safecell($item->{'mark'}->{'ip'}) . \",";
++ $line .= "\"" . csv_safecell($item->{'mark'}->{'port'}) . "\",";
+
+ $line .= "\"";
+ if ($item->{'osvdb'} ne '') { $line .= "OSVDB-" . $item->{'osvdb'}; }
+ $line .= "\",";
+
+ $line .= "\"";
+- if ($item->{'method'} ne '') { $line .= $item->{'method'}; }
++ if ($item->{'method'} ne '') { $line .= csv_safecell($item->{'method'}); }
+ $line .= "\",";
+
+ $line .= "\"";
+- if ($uri ne '') { $line .= $mark->{'root'} . $uri; }
++ { $line .= csv_safecell($mark->{'root'}) . $uri; }
++ else { $line .= csv_safecell($ur
+ $line .= "\",";
+
+- $item->{'message'} =~ s/"/\\"/g;
+- $line .= "\"$item->{'message'}\"";
+- print $handle "$line\n";
++ my $msg = $item->{'message'};
++ $uri=quotemeta($uri);
++ my $root = quotemeta($mark->{'root'});
++ $msg =~ s/^$uri:\s//;
++ $msg =~ s/^$root$uri:\s//;
++ $msg =~ s/"/\\"/g;
++ $line .= "\"" . csv_safecell($msg) ."\"";
++ print $handle "$line\n";
++
+ }
+ }
+
++###############################################################################
++# prevent CSV injection attacks
++sub csv_safecell {
++ my $celldata = $_[0] || return;
++ if ($celldata =~ /^[=+@-]/) { $celldata = "'" . $celldata; }
++ return $celldata;
++}
++
++
+ 1;
+--
+2.6.4
+
diff --git a/external/meta-security/recipes-security/nikto/files/location.patch b/external/meta-security/recipes-security/nikto/files/location.patch
new file mode 100644
index 00000000..a95b0629
--- /dev/null
+++ b/external/meta-security/recipes-security/nikto/files/location.patch
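Review bot: The backported csv_item hunk is not valid Perl as written: the ip line ends in `. \",";` with its opening quote lost, and the uri branch is `{ $line .= csv_safecell($mark->{'root'}) . $uri; }` followed by a truncated `else { $line .= csv_safecell($ur` with no `if`, so nikto_report_csv.plugin would most likely fail to compile and the CSV-injection fix would never run. Both new output paths also pass `$hostname`, which neither visible hunk declares (the function bodies continue outside the hunks); if 2.1.5 has no such variable the host cell comes out empty, and `csv_safecell($mark->{'hostname'})` looks like the intended form. In nikto_outdated.plugin, `split(/\\$sepr/, ...)` appears to match a literal backslash followed by the separator instead of escaping it, so banners would no longer be split; `my @T = split(/\Q$sepr\E/, $mark->{'banner'});` quotes the separator without changing what is split on. csv_safecell guards only a leading `=`, `+`, `@` or `-`, so a cell that begins with a tab or carriage return ahead of one of those characters is passed through unchanged, and `$_[0] || return` turns a cell value of `0` into an empty cell.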
@@ -0,0 +1,36 @@
+From e10b9b1f6704057ace39956ae1dc5c7caca07ff1 Mon Sep 17 00:00:00 2001
+From: Andrei Dinu <andrei.adrianx.dinu@intel.com>
+Date: Mon, 8 Jul 2013 11:53:54 +0300
+Subject: [PATCH] Setting the location of nikto on the image
+
+Upstream Status: Inapropriate
+
+Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
+---
+ nikto.conf | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/nikto.conf b/nikto.conf
+index 25b784d..9577033 100644
+--- a/nikto.conf
++++ b/nikto.conf
+@@ -61,11 +61,11 @@ CIRT=174.142.17.165
+ CHECKMETHODS=HEAD GET
+
+ # If you want to specify the location of any of the files, specify them here
+-# EXECDIR=/opt/nikto # Location of Nikto
+-# PLUGINDIR=/opt/nikto/plugins # Location of plugin dir
+-# DBDIR=/opt/nikto/databases # Location of plugin dir
+-# TEMPLATEDIR=/opt/nikto/templates # Location of tempmlate dir
+-# DOCDIR=/opt/nikto/docs # Location of docs dir
++EXECDIR=/usr/bin/nikto # Location of Nikto
++PLUGINDIR=/etc/nikto/plugins # Location of plugin dir
++DBDIR=/etc/nikto/databases # Location of plugin dir
++TEMPLATEDIR=/etc/nikto/templates # Location of tempmlate dir
++DOCDIR=/usr/share/doc/nikto # Location of docs dir
+
+ # Default plugin macros
+ @@MUTATE=dictionary;subdomain
+--
+1.7.9.5
+
diff --git a/external/meta-security/recipes-security/nikto/nikto_2.1.5.bb b/external/meta-security/recipes-security/nikto/nikto_2.1.5.bb
new file mode 100644
index 00000000..19eb14f3
--- /dev/null
+++ b/external/meta-security/recipes-security/nikto/nikto_2.1.5.bb
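Review bot: `EXECDIR=/usr/bin/nikto` names the installed script itself, since the recipe in this commit installs nikto.pl as `${bindir}/nikto`, whereas the removed default `/opt/nikto` was a directory; `EXECDIR=/usr/bin` looks like the intended value and is worth confirming against how nikto resolves this setting. The five paths are hard-coded to /etc and /usr instead of following the recipe's `${sysconfdir}`, `${bindir}` and `${datadir}`, so the configuration and the install locations diverge silently if those variables are overridden. The patch header reads `Upstream Status: Inapropriate`, which is not the `Upstream-Status: Inappropriate [configuration]` form that patch-status checks look for.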
@@ -0,0 +1,108 @@
+SUMMARY = "web server scanner"
+DESCRIPTION = "Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous \
+ files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers."
+SECTION = "security"
+LICENSE = "GPLv2"
+
+LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/GPL-2.0;md5=801f80980d171dd6425610833a22dbe6"
+
+SRC_URI = "http://cirt.net/nikto/${BP}.tar.gz \
+ file://location.patch \
+ file://CVE-2018-11652.patch"
+
+SRC_URI[md5sum] = "efcc98a918becb77471ee9a5df0a7b1e"
+SRC_URI[sha256sum] = "0e672a6a46bf2abde419a0e8ea846696d7f32e99ad18a6b405736ee6af07509f"
+
+do_install() {
+ install -d ${D}${bindir}
+ install -d ${D}${datadir}
+ install -d ${D}${datadir}/man/man1
+ install -d ${D}${datadir}/doc/nikto
+ install -d ${D}${sysconfdir}/nikto
+ install -d ${D}${sysconfdir}/nikto/databases
+ install -d ${D}${sysconfdir}/nikto/plugins
+ install -d ${D}${sysconfdir}/nikto/templates
+
+ install -m 0644 databases/db_404_strings ${D}${sysconfdir}/nikto/databases
+ install -m 0644 databases/db_content_search ${D}${sysconfdir}/nikto/databases
+ install -m 0644 databases/db_dictionary ${D}${sysconfdir}/nikto/databases
+ install -m 0644 databases/db_embedded ${D}${sysconfdir}/nikto/databases
+ install -m 0644 databases/db_favicon ${D}${sysconfdir}/nikto/databases
+ install -m 0644 databases/db_headers ${D}${sysconfdir}/nikto/databases
+ install -m 0644 databases/db_httpoptions ${D}${sysconfdir}/nikto/databases
+ install -m 0644 databases/db_multiple_index ${D}${sysconfdir}/nikto/databases
+ install -m 0644 databases/db_outdated ${D}${sysconfdir}/nikto/databases
+ install -m 0644 databases/db_parked_strings ${D}${sysconfdir}/nikto/databases
+ install -m 0644 databases/db_realms ${D}${sysconfdir}/nikto/databases
+ install -m 0644 databases/db_server_msgs ${D}${sysconfdir}/nikto/databases
+ install -m 0644 databases/db_subdomains ${D}${sysconfdir}/nikto/databases
+ install -m 0644 databases/db_tests ${D}${sysconfdir}/nikto/databases
+ install -m 0644 databases/db_variables ${D}${sysconfdir}/nikto/databases
+
+ install -m 0644 plugins/JSON-PP.pm ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/LW2.pm ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_apache_expect_xss.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_apacheusers.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_auth.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_cgi.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_clientaccesspolicy.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_content_search.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_cookies.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_core.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_dictionary_attack.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_embedded.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_favicon.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_fileops.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_headers.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_httpoptions.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_msgs.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_multiple_index.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_outdated.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_parked.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_paths.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_put_del_test.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_report_csv.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_report_html.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_report_msf.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_report_nbe.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_report_text.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_report_xml.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_robots.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_siebel.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_ssl.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_subdomain.plugin ${D}${sysconfdir}/nikto/plugins
+ install -m 0644 plugins/nikto_tests.plugin ${D}${sysconfdir}/nikto/plugins
+
+ install -m 0644 templates/htm_close.tmpl ${D}${sysconfdir}/nikto/templates
+ install -m 0644 templates/htm_end.tmpl ${D}${sysconfdir}/nikto/templates
+ install -m 0644 templates/htm_host_head.tmpl ${D}${sysconfdir}/nikto/templates
+ install -m 0644 templates/htm_host_im.tmpl ${D}${sysconfdir}/nikto/templates
+ install -m 0644 templates/htm_host_item.tmpl ${D}${sysconfdir}/nikto/templates
+ install -m 0644 templates/htm_start.tmpl ${D}${sysconfdir}/nikto/templates
+ install -m 0644 templates/htm_stop.tmpl ${D}${sysconfdir}/nikto/templates
+ install -m 0644 templates/htm_start.tmpl ${D}${sysconfdir}/nikto/templates
+ install -m 0644 templates/htm_summary.tmpl ${D}${sysconfdir}/nikto/templates
+ install -m 0644 templates/xml_end.tmpl ${D}${sysconfdir}/nikto/templates
+ install -m 0644 templates/xml_host_head.tmpl ${D}${sysconfdir}/nikto/templates
+ install -m 0644 templates/xml_host_im.tmpl ${D}${sysconfdir}/nikto/templates
+ install -m 0644 templates/xml_host_item.tmpl ${D}${sysconfdir}/nikto/templates
+ install -m 0644 templates/xml_start.tmpl ${D}${sysconfdir}/nikto/templates
+ install -m 0644 templates/xml_summary.tmpl ${D}${sysconfdir}/nikto/templates
+
+ install -m 0644 nikto.conf ${D}${sysconfdir}
+
+ install -m 0755 nikto.pl ${D}${bindir}/nikto
+ install -m 0644 replay.pl ${D}${bindir}
+ install -m 0644 docs/nikto.1 ${D}${datadir}/man/man1
+
+ install -m 0644 docs/CHANGES.txt ${D}${datadir}/doc/nikto
+ install -m 0644 docs/LICENSE.txt ${D}${datadir}/doc/nikto
+ install -m 0644 docs/nikto.dtd ${D}${datadir}/doc/nikto
+ install -m 0644 docs/nikto_manual.html ${D}${datadir}/doc/nikto
+}
+
+RDEPENDS_${PN} = "perl libnet-ssleay-perl libwhisker2-perl \
+ perl-module-getopt-long perl-module-time-local \
+ perl-module-io-socket perl-module-overloading \
+ perl-module-base perl-module-b perl-module-bytes \
+ nikto-doc" |
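Review bot: `install -m 0644 replay.pl ${D}${bindir}` in do_install puts a script into the bin directory without the execute bit, so it cannot be run by name; `install -m 0755 replay.pl ${D}${bindir}` would match the nikto.pl line above it. `templates/htm_start.tmpl` is installed twice in the templates list, and nikto.conf goes to `${sysconfdir}` while everything else it refers to lives under `${sysconfdir}/nikto`, which is worth confirming against the path nikto actually reads. The tarball is fetched over plain `http://`, so its integrity rests on the `SRC_URI[sha256sum]` pin alone; an https source would be preferable if upstream offers one. `LIC_FILES_CHKSUM` points at `${COMMON_LICENSE_DIR}/GPL-2.0` and not at the shipped `docs/LICENSE.txt`, so a licence change in the source archive would not be detected by the checksum.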