diff --git a/Makefile b/Makefile index e29dd2d..f542000 100644 --- a/Makefile +++ b/Makefile @@ -126,10 +126,26 @@ NPL_DIR := modules/nft_payload_cve_2023_0179 NPL_SRCS := $(NPL_DIR)/skeletonkey_modules.c NPL_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(NPL_SRCS)) +SAM_DIR := modules/sudo_samedit_cve_2021_3156 +SAM_SRCS := $(SAM_DIR)/skeletonkey_modules.c +SAM_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(SAM_SRCS)) + +SEQ_DIR := modules/sequoia_cve_2021_33909 +SEQ_SRCS := $(SEQ_DIR)/skeletonkey_modules.c +SEQ_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(SEQ_SRCS)) + +SUE_DIR := modules/sudoedit_editor_cve_2023_22809 +SUE_SRCS := $(SUE_DIR)/skeletonkey_modules.c +SUE_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(SUE_SRCS)) + +VMW_DIR := modules/vmwgfx_cve_2023_2008 +VMW_SRCS := $(VMW_DIR)/skeletonkey_modules.c +VMW_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(VMW_SRCS)) + # Top-level dispatcher TOP_OBJ := $(BUILD)/skeletonkey.o -ALL_OBJS := $(TOP_OBJ) $(CORE_OBJS) $(CFF_OBJS) $(DP_OBJS) $(EB_OBJS) $(PK_OBJS) $(NFT_OBJS) $(OVL_OBJS) $(CR4_OBJS) $(DCOW_OBJS) $(PTM_OBJS) $(NXC_OBJS) $(AFP_OBJS) $(FUL_OBJS) $(STR_OBJS) $(AFP2_OBJS) $(CRA_OBJS) $(OSU_OBJS) $(NSU_OBJS) $(AUG_OBJS) $(NFD_OBJS) $(NPL_OBJS) +ALL_OBJS := $(TOP_OBJ) $(CORE_OBJS) $(CFF_OBJS) $(DP_OBJS) $(EB_OBJS) $(PK_OBJS) $(NFT_OBJS) $(OVL_OBJS) $(CR4_OBJS) $(DCOW_OBJS) $(PTM_OBJS) $(NXC_OBJS) $(AFP_OBJS) $(FUL_OBJS) $(STR_OBJS) $(AFP2_OBJS) $(CRA_OBJS) $(OSU_OBJS) $(NSU_OBJS) $(AUG_OBJS) $(NFD_OBJS) $(NPL_OBJS) $(SAM_OBJS) $(SEQ_OBJS) $(SUE_OBJS) $(VMW_OBJS) .PHONY: all clean debug static help diff --git a/core/registry.h b/core/registry.h index 201099b..4f185c5 100644 --- a/core/registry.h +++ b/core/registry.h 
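Review bot: The four new `SAM_/SEQ_/SUE_/VMW_` triplets and the hand-extended `ALL_OBJS` line continue a scheme in which every module must be added in three places by hand (this list, the prototype list in core/registry.h, and the `skeletonkey_register_*()` calls in main), so a module that is compiled but never registered, or registered but never linked, only fails at link or run time. The four new modules and `NPL_*` all follow modules/<name>/skeletonkey_modules.c; if the older modules do too (not visible here), `MODULE_SRCS := $(wildcard modules/*/skeletonkey_modules.c)` with `MODULE_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(MODULE_SRCS))` would replace the per-module triplets and the long `ALL_OBJS` line. Until then a comment above `ALL_OBJS` should name the other two places, `# adding a module: add its *_OBJS here, its prototype to core/registry.h, its register call to main() in skeletonkey.c`.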
@@ -40,5 +40,9 @@ void skeletonkey_register_nft_set_uaf(void); void skeletonkey_register_af_unix_gc(void); void skeletonkey_register_nft_fwd_dup(void); void skeletonkey_register_nft_payload(void); +void skeletonkey_register_sudo_samedit(void); +void skeletonkey_register_sequoia(void); +void skeletonkey_register_sudoedit_editor(void); +void skeletonkey_register_vmwgfx(void); #endif /* SKELETONKEY_REGISTRY_H */
diff --git a/modules/sequoia_cve_2021_33909/skeletonkey_modules.c b/modules/sequoia_cve_2021_33909/skeletonkey_modules.c
new file mode 100644
index 0000000..22466fc
--- /dev/null
+++ b/modules/sequoia_cve_2021_33909/skeletonkey_modules.c
@@ -0,0 +1,20 @@
+/* sequoia_cve_2021_33909 — STUB pending agent implementation. */
+#include "skeletonkey_modules.h"
+#include "../../core/registry.h"
+
+static skeletonkey_result_t sequoia_detect(const struct skeletonkey_ctx *ctx)
+{ (void)ctx; return SKELETONKEY_PRECOND_FAIL; }
+
+const struct skeletonkey_module sequoia_module = {
+ .name = "sequoia",
+ .cve = "CVE-2021-33909",
+ .summary = "seq_file size_t overflow → kernel stack write (Qualys Sequoia) — stub pending implementation",
+ .family = "filesystem",
+ .kernel_range = "K < 5.13.4 / 5.10.52 / 5.4.134",
+ .detect = sequoia_detect,
+ .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+ .detect_auditd = NULL, .detect_sigma = NULL,
+ .detect_yara = NULL, .detect_falco = NULL,
+};
+
+void skeletonkey_register_sequoia(void) { skeletonkey_register(&sequoia_module); }
diff --git a/modules/sequoia_cve_2021_33909/skeletonkey_modules.h b/modules/sequoia_cve_2021_33909/skeletonkey_modules.h
new file mode 100644
index 0000000..4134c52
--- /dev/null
+++ b/modules/sequoia_cve_2021_33909/skeletonkey_modules.h
@@ -0,0 +1,5 @@
+#ifndef SEQUOIA_SKELETONKEY_MODULES_H
+#define SEQUOIA_SKELETONKEY_MODULES_H
+#include "../../core/module.h"
+extern const struct skeletonkey_module sequoia_module;
+#endif
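Review bot: `sequoia_detect` returns `SKELETONKEY_PRECOND_FAIL` although it performs no check at all, so a scan lists CVE-2021-33909 with the same result a host whose preconditions genuinely fail would get, and a reader of the output cannot tell a placeholder from a negative finding; the sudo_samedit, sudoedit_editor and vmwgfx stubs later in this diff take the same shortcut. If `skeletonkey_result_t` has a not-implemented or unknown member the stubs should return it, and if it does not, adding one is worth more than four identical placeholders. Until then the body should say what it is, `{ (void)ctx; return SKELETONKEY_PRECOND_FAIL; /* stub: no detection logic yet; not a negative finding */ }`. `.exploit`, `.mitigate`, `.cleanup` and the four `detect_*` hooks are NULL here, which is only safe if the dispatcher checks each pointer before calling it; that code is not in this diff.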
diff --git a/modules/sudo_samedit_cve_2021_3156/skeletonkey_modules.c b/modules/sudo_samedit_cve_2021_3156/skeletonkey_modules.c
new file mode 100644
index 0000000..9b93422
--- /dev/null
+++ b/modules/sudo_samedit_cve_2021_3156/skeletonkey_modules.c
@@ -0,0 +1,20 @@
+/* sudo_samedit_cve_2021_3156 — STUB pending agent implementation. */
+#include "skeletonkey_modules.h"
+#include "../../core/registry.h"
+
+static skeletonkey_result_t sudo_samedit_detect(const struct skeletonkey_ctx *ctx)
+{ (void)ctx; return SKELETONKEY_PRECOND_FAIL; }
+
+const struct skeletonkey_module sudo_samedit_module = {
+ .name = "sudo_samedit",
+ .cve = "CVE-2021-3156",
+ .summary = "sudo Baron Samedit heap overflow (Qualys) — stub pending implementation",
+ .family = "sudo",
+ .kernel_range = "sudo 1.8.2 ≤ V ≤ 1.9.5p1 (userspace)",
+ .detect = sudo_samedit_detect,
+ .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+ .detect_auditd = NULL, .detect_sigma = NULL,
+ .detect_yara = NULL, .detect_falco = NULL,
+};
+
+void skeletonkey_register_sudo_samedit(void) { skeletonkey_register(&sudo_samedit_module); }
diff --git a/modules/sudo_samedit_cve_2021_3156/skeletonkey_modules.h b/modules/sudo_samedit_cve_2021_3156/skeletonkey_modules.h
new file mode 100644
index 0000000..cae8f09
--- /dev/null
+++ b/modules/sudo_samedit_cve_2021_3156/skeletonkey_modules.h
@@ -0,0 +1,5 @@
+#ifndef SUDO_SAMEDIT_SKELETONKEY_MODULES_H
+#define SUDO_SAMEDIT_SKELETONKEY_MODULES_H
+#include "../../core/module.h"
+extern const struct skeletonkey_module sudo_samedit_module;
+#endif
diff --git a/modules/sudoedit_editor_cve_2023_22809/skeletonkey_modules.c b/modules/sudoedit_editor_cve_2023_22809/skeletonkey_modules.c
new file mode 100644
index 0000000..a8a0a35
--- /dev/null
+++ b/modules/sudoedit_editor_cve_2023_22809/skeletonkey_modules.c
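Review bot: `.kernel_range = "sudo 1.8.2 ≤ V ≤ 1.9.5p1 (userspace)"` stores a userspace package version range in the field the kernel modules fill with `K < x.y.z` strings, and the sudoedit_editor stub does the same; if the core ever compares `kernel_range` against the running kernel rather than only printing it, both sudo modules would be judged against the wrong version. The struct is declared in core/module.h, outside this diff, so the cheapest fix is a comment on the initializer, `/* userspace sudo version, not a kernel range; the core must not match this against uname */`, with a dedicated version-range field as the longer-term change. `.family = "sudo"` already distinguishes these modules if the core keys on family, but nothing in the hunk shows that it does.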
@@ -0,0 +1,20 @@
+/* sudoedit_editor_cve_2023_22809 — STUB pending agent implementation. */
+#include "skeletonkey_modules.h"
+#include "../../core/registry.h"
+
+static skeletonkey_result_t sudoedit_editor_detect(const struct skeletonkey_ctx *ctx)
+{ (void)ctx; return SKELETONKEY_PRECOND_FAIL; }
+
+const struct skeletonkey_module sudoedit_editor_module = {
+ .name = "sudoedit_editor",
+ .cve = "CVE-2023-22809",
+ .summary = "sudoedit EDITOR/VISUAL `--` argv escape → arbitrary file write as root — stub pending implementation",
+ .family = "sudo",
+ .kernel_range = "sudo 1.8.0 ≤ V < 1.9.12p2 (userspace)",
+ .detect = sudoedit_editor_detect,
+ .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+ .detect_auditd = NULL, .detect_sigma = NULL,
+ .detect_yara = NULL, .detect_falco = NULL,
+};
+
+void skeletonkey_register_sudoedit_editor(void) { skeletonkey_register(&sudoedit_editor_module); }
diff --git a/modules/sudoedit_editor_cve_2023_22809/skeletonkey_modules.h b/modules/sudoedit_editor_cve_2023_22809/skeletonkey_modules.h
new file mode 100644
index 0000000..578da47
--- /dev/null
+++ b/modules/sudoedit_editor_cve_2023_22809/skeletonkey_modules.h
@@ -0,0 +1,5 @@
+#ifndef SUDOEDIT_EDITOR_SKELETONKEY_MODULES_H
+#define SUDOEDIT_EDITOR_SKELETONKEY_MODULES_H
+#include "../../core/module.h"
+extern const struct skeletonkey_module sudoedit_editor_module;
+#endif
diff --git a/modules/vmwgfx_cve_2023_2008/skeletonkey_modules.c b/modules/vmwgfx_cve_2023_2008/skeletonkey_modules.c
new file mode 100644
index 0000000..3a51ef2
--- /dev/null
+++ b/modules/vmwgfx_cve_2023_2008/skeletonkey_modules.c
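Review bot: The include guard in the new `modules/sudoedit_editor_cve_2023_22809/skeletonkey_modules.h` closes with a bare `#endif`, while core/registry.h in the same diff writes `#endif /* SKELETONKEY_REGISTRY_H */`; the sequoia, sudo_samedit and vmwgfx headers have the same omission. `#endif /* SUDOEDIT_EDITOR_SKELETONKEY_MODULES_H */` keeps the four new headers consistent with the core. The module's top comment, `STUB pending agent implementation`, says who fills it in but not what the module is expected to establish; a sentence stating the intended detection signal (the installed sudo version checked against the range given in `.kernel_range`, or whatever the author has in mind) would give the implementer a contract to meet and a reviewer something to verify.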
@@ -0,0 +1,20 @@
+/* vmwgfx_cve_2023_2008 — STUB pending agent implementation. */
+#include "skeletonkey_modules.h"
+#include "../../core/registry.h"
+
+static skeletonkey_result_t vmwgfx_detect(const struct skeletonkey_ctx *ctx)
+{ (void)ctx; return SKELETONKEY_PRECOND_FAIL; }
+
+const struct skeletonkey_module vmwgfx_module = {
+ .name = "vmwgfx",
+ .cve = "CVE-2023-2008",
+ .summary = "vmwgfx DRM driver buffer-object OOB write — stub pending implementation",
+ .family = "drm",
+ .kernel_range = "K < 6.3-rc6 (vmware-svga / vmwgfx driver)",
+ .detect = vmwgfx_detect,
+ .exploit = NULL, .mitigate = NULL, .cleanup = NULL,
+ .detect_auditd = NULL, .detect_sigma = NULL,
+ .detect_yara = NULL, .detect_falco = NULL,
+};
+
+void skeletonkey_register_vmwgfx(void) { skeletonkey_register(&vmwgfx_module); }
diff --git a/modules/vmwgfx_cve_2023_2008/skeletonkey_modules.h b/modules/vmwgfx_cve_2023_2008/skeletonkey_modules.h
new file mode 100644
index 0000000..11ae66e
--- /dev/null
+++ b/modules/vmwgfx_cve_2023_2008/skeletonkey_modules.h
@@ -0,0 +1,5 @@
+#ifndef VMWGFX_SKELETONKEY_MODULES_H
+#define VMWGFX_SKELETONKEY_MODULES_H
+#include "../../core/module.h"
+extern const struct skeletonkey_module vmwgfx_module;
+#endif
diff --git a/skeletonkey.c b/skeletonkey.c
index 9726a40..e8de8d8 100644
--- a/skeletonkey.c
+++ b/skeletonkey.c
@@ -695,6 +695,10 @@ int main(int argc, char **argv) skeletonkey_register_af_unix_gc(); skeletonkey_register_nft_fwd_dup(); skeletonkey_register_nft_payload(); + skeletonkey_register_sudo_samedit(); + skeletonkey_register_sequoia(); + skeletonkey_register_sudoedit_editor(); + skeletonkey_register_vmwgfx(); enum mode mode = MODE_SCAN; struct skeletonkey_ctx ctx = {0};
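Review bot: The four `skeletonkey_register_*()` calls added to `main()` enter modules whose `.detect` is a placeholder into the same table as implemented ones, and neither the call site nor the module structs carry anything that marks them as stubs, so scan output from this build mixes real and placeholder results without distinction. A comment at the call site is the minimum, `/* stubs: detect() is a placeholder until these modules are implemented */`, and an implemented flag or a distinct result value on the module struct would let the scanner label them in its output. If `skeletonkey_register` appends to a fixed-capacity array, its bounds check is what protects this growing list; that function is outside the diff. `main()` begins before and continues after the hunk.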