CVE-2024-6387-OpenSSH-Vulnerability-Checker.go
package main
import (
"fmt"
"os/exec"
"regexp"
"strconv"
"strings"
)
// getOpenSSHVersion runs `ssh -V` and returns everything the command printed
// (stdout and stderr combined) with surrounding whitespace trimmed. If the
// command cannot be run, the error is printed and "" is returned.
//
// Security notes for readers of the result:
//   - `ssh -V` reports the version of the ssh client binary. CVE-2024-6387 is
//     a flaw in the sshd server, so the value is only a proxy for the server
//     version; confirm the installed server package separately.
//   - The binary is located through PATH, so the version printed is that of
//     whichever `ssh` is found first on the caller's PATH.
func getOpenSSHVersion() string {
	// CombinedOutput is used because the version banner may arrive on stderr.
	raw, err := exec.Command("ssh", "-V").CombinedOutput()
	if err != nil {
		fmt.Println("Error executing command:", err)
		return ""
	}
	return strings.TrimSpace(string(raw))
}
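// isVulnerable classifies an OpenSSH version banner against the version
// ranges associated with CVE-2024-6387 and returns a human-readable status.
//
// versionInfo is expected to contain a portable-OpenSSH version token such as
// "OpenSSH_9.6p1" or "OpenSSH_for_Windows_8.1p1"; only the major and minor
// numbers are used. Possible results:
//
//   - "Unknown version format": no token matched or it could not be parsed
//   - "Vulnerable unless patched for CVE-2006-5051 and CVE-2008-4109": < 4.4
//   - "Not vulnerable": 4.4 up to (not including) 8.5, and 9.8 or later
//   - "Vulnerable": 8.5 up to (not including) 9.8
//
// The verdict is based on the version string alone. A package that carries a
// backported fix but keeps its upstream version number is still reported as
// "Vulnerable", so the result is an indicator, not proof.
// NOTE(review): the pattern also accepts "_for_Windows" builds and applies the
// same ranges to them; whether the CVE applies on that platform should be
// confirmed against the vendor advisory.
func isVulnerable(versionInfo string) string {
	const unknown = "Unknown version format"

	re := regexp.MustCompile(`OpenSSH(?:_for_Windows)?_([\d\.]+)p(\d+)`)
	match := re.FindStringSubmatch(versionInfo)
	if match == nil {
		return unknown
	}

	// match[1] is the dotted version ("9.6"); the patch level after "p" is
	// captured by the pattern but not used for the decision.
	parts := strings.Split(match[1], ".")
	if len(parts) < 2 {
		return unknown
	}
	major, errMajor := strconv.Atoi(parts[0])
	minor, errMinor := strconv.Atoi(parts[1])
	if errMajor != nil || errMinor != nil {
		return unknown
	}

	// before reports whether the parsed version sorts strictly below maj.mn.
	before := func(maj, mn int) bool {
		return major < maj || (major == maj && minor < mn)
	}

	// The cases are ordered ascending, so each one only needs an upper bound.
	// This replaces the original chain, which contained a clause that could
	// never be true for integers (major > 8 && major < 9).
	switch {
	case before(4, 4):
		return "Vulnerable unless patched for CVE-2006-5051 and CVE-2008-4109"
	case before(8, 5):
		return "Not vulnerable"
	case before(9, 8):
		return "Vulnerable"
	default:
		return "Not vulnerable"
	}
}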
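// main prints an explanatory banner, reads the local OpenSSH version via
// getOpenSSHVersion, and prints the status returned by isVulnerable.
//
// The banner wording was corrected: the original range descriptions
// ("4.4p1 or later, but not earlier than 8.5p1") stated the opposite of the
// intended bounds, and the pre-4.4 line said "or" where the status message
// says "and". Two caveats about what the check actually inspects were added.
func main() {
	const rule = "------------------------------------------"

	banner := []string{
		"CVE-2024-6387 OpenSSH Vulnerability Checker",
		rule,
		"This script has been tested on Ubuntu and Mac and Windows11 systems.",
		"The script results are for reference only.",
		"For a thorough security assessment, consult with a security expert.",
		"If a vulnerable version is detected, consult with your system administrator to apply appropriate updates or patches.",
		rule,
		"OpenSSH versions earlier than 4.4p1 are vulnerable unless patched for CVE-2006-5051 and CVE-2008-4109.",
		"OpenSSH 4.4p1 and later, up to but not including 8.5p1, are not vulnerable.",
		"OpenSSH 8.5p1 and later, up to but not including 9.8p1, are again vulnerable.",
		rule,
		// The check runs `ssh -V`, which describes the client binary on PATH.
		"Note: the version is read from the local ssh client (ssh -V); confirm the installed sshd server version separately.",
		// Version matching cannot see fixes shipped under an unchanged version.
		"Note: distribution packages may include backported fixes without changing the version string.",
		rule,
	}
	for _, line := range banner {
		fmt.Println(line)
	}

	// Get and print the OpenSSH version. An empty string here means the
	// command could not be run; isVulnerable then reports an unknown format.
	versionInfo := getOpenSSHVersion()
	fmt.Printf("OpenSSH version info: %s\n", versionInfo)

	// Classify the version string and print the verdict.
	vulnerabilityStatus := isVulnerable(versionInfo)
	fmt.Printf("Vulnerability status: %s\n", vulnerabilityStatus)
}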