cisagov / check-cve-2019-19781 Goto Github PK

View Code? Open in Web Editor NEW

108.0 17.0 28.0 367 KB

Test a host for susceptibility to CVE-2019-19781

License: Creative Commons Zero v1.0 Universal

Shell 32.07% Python 67.93%

cve-2019-19781 citrix vulnerability cwe-22

check-cve-2019-19781's Introduction

check-cve-2019-19781 🔎🐞

This utility determines if a host appears susceptible to CVE-2019-19781.

Requirements

Python versions 3.6 and above. Note that Python 2 is not supported.

Installation

From a release:

pip install https://github.com/cisagov/check-cve-2019-19781/releases/download/v1.0.2/cve_2019_19781-1.0.2-py3-none-any.whl

From source:

git clone https://github.com/cisagov/check-cve-2019-19781.git
cd check-cve-2019-19781
pip install -r requirements.txt

Usage

To scan a host:

❱ cve-2019-19781 citrix.example.org

2020-01-10 22:11:46,312 WARNING citrix.example.org appears to be vulnerable.

Detailed usage information can be viewed with:

❱ cve-2019-19781 --help

Check for the existence of CVE-2019-19781 on a host machine.

EXIT STATUS
    This utility exits with one of the following values:
    0   The host does not seem vulnerable
    1   Command was invoked incorrectly
    2   The host appears to be vulnerable
    >2  An error occurred.

For more information about this vulnerability see:
    https://nvd.nist.gov/vuln/detail/CVE-2019-19781

Usage:
  cve-2019-19781 [options] <host>
  cve-2019-19781 (-h | --help)

Options:
  -h --help              Show this message.
  --log-level=LEVEL      If specified, then the log level will be set to
                         the specified value.  Valid values are "debug", "info",
                         "warning", "error", and "critical". [default: info]
  -r --retries=count     Number of times to retry a failed connection attempt before
                         giving up. [default: 2]
  -t --timeout=seconds   Number of seconds to wait during each connection attempt.
                         [default: 10]

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

check-cve-2019-19781's People

Contributors

Stargazers

Watchers

check-cve-2019-19781's Issues

Unable to execute utility after successful install

Having an issue running the program, I am new to Python so any help would be great.

C:\python>py -m pip install https://github.com/cisagov/check-cve-2019-19781/releases/download/v1.0.0/cve_2019_19781-1.0.0-py3-none-any.whl
Requirement already satisfied: cve-2019-19781==1.0.0 from https://github.com/cisagov/check-cve-2019-19781/releases/download/v1.0.0/cve_2019_19781-1.0.0-py3-none-any.whl in c:\users\lrobcke\appdata\local\programs\python\python38-32\lib\site-packages\cve_2019_19781-1.0.0-py3.8.egg (1.0.0)
Requirement already satisfied: docopt in c:\users\lrobcke\appdata\local\programs\python\python38-32\lib\site-packages\docopt-0.6.2-py3.8.egg (from cve-2019-19781==1.0.0) (0.6.2)
Requirement already satisfied: setuptools in c:\users\lrobcke\appdata\local\programs\python\python38-32\lib\site-packages (from cve-2019-19781==1.0.0) (41.2.0)
Requirement already satisfied: urllib3 in c:\users\lrobcke\appdata\local\programs\python\python38-32\lib\site-packages\urllib3-1.25.7-py3.8.egg (from cve-2019-19781==1.0.0) (1.25.7)

C:\python>py cve-2019-19781
C:\Users\lrobcke\AppData\Local\Programs\Python\Python38-32\python.exe: can't open file 'cve-2019-19781': [Errno 2] No such file or directory

C:\python>python
Python 3.8.1 (tags/v3.8.1:1b293b6, Dec 18 2019, 22:39:24) [MSC v.1916 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> cve-2019-19781 --log-level=LEVEL virtuallab.pace.edu
  File "<stdin>", line 1
    cve-2019-19781 --log-level=LEVEL virtuallab.pace.edu
                                     ^
SyntaxError: invalid syntax
>>> cve-2019-19781 [--log-level=LEVEL] virtuallab.pace.edu
  File "<stdin>", line 1
    cve-2019-19781 [--log-level=LEVEL] virtuallab.pace.edu

Error installing

Hello,

I am trying to isntall in ubuntu 18.04 with python 3.6 installed.

when i try the pip install command, i am getting the following error:

cve_2019_19781-1.0.1-py3-none-any.whl is not a supported wheel on this platform.

When i try to install from the source, i get the follwoing error:
Command "python setup.py egg_info" failed with error code 1 in /home/gw/check-cve-2019-19781/

Docker instructions

Use this to run the latest cve-2019-19781 as a docker container:

Dockerfile:

FROM python:3.8
WORKDIR /srv
RUN git clone https://github.com/cisagov/check-cve-2019-19781.git .; \
    pip install -r requirements.txt
ENTRYPOINT ["cve-2019-19781"]

Run with:

docker build --no-cache -t check-cve-2019-19781 .
docker run --rm -it check-cve-2019-19781 YOUR-DOMAIN.TLD

(Replace YOUR-DOMAIN.TLD with our actual domain)

🐛 Bug Report

Seems to me the logic in this code is backwards. It returns "vulnerable" when it's not unless I'm really missing something. We have multiple Netscalers and applied the mitigation when it was made publically available, but have been asked to check using this tool.

Tool is installed in a python virtualenv on Arch with Python 3.8. Installs fine.

running curl -k --path-as-is https://10.x.y.z/vpn/../vpns/ returns a HTTP/1.1 403 with the HTML output:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /vpns/
on this server.</p>
</body></html>

To Reproduce

running: ./cve-2019-19781 --log-level=debug 10.x.y.z returns:

2020-01-28 12:34:07,261 DEBUG Disabling insecure request warnings.
2020-01-28 12:34:07,261 DEBUG Disabling URL normalization.
2020-01-28 12:34:07,261 DEBUG Creating connection pool, retries=2, timeout=10s
2020-01-28 12:34:07,261 DEBUG Connecting to https://10.x.y.z/vpn/../vpns/
2020-01-28 12:34:07,262 DEBUG Converted retries value: 2 -> Retry(total=2, connect=None, read=None, redirect=0, status=None)
2020-01-28 12:34:07,262 DEBUG Starting new HTTPS connection (1): 10.x.y.z:443
2020-01-28 12:34:07,274 DEBUG https://10.x.y.z:443 "GET /vpn/../vpns/ HTTP/1.1" 403 207
2020-01-28 12:34:07,274 DEBUG Response status: 403
2020-01-28 12:34:07,274 DEBUG Data:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /vpns/
on this server.</p>
</body></html>

2020-01-28 12:34:07,275 WARNING 10.x.y.z appears to be vulnerable.

Expected behavior

It's my understanding that if you're getting a 403 it's been mitigated. Either change:
return INSECURE_CONTENT in decoded_data
to
return INSECURE_CONTENT not in decoded_data

or change the try if / else output around.

Am I totally wrong about my understanding of the mitigation? TrustedSec's code here: https://github.com/trustedsec/cve-2019-19781/blob/master/cve-2019-19781_scanner.py makes a request to:
https://HOST/vpn/js/../../vpns/cfg/smb.conf
and if that doesn't return the content of that smb.conf, but returns a 403 status code it's not vulnerable.

Python code runs easily in Windows. FYI for Windows users.

🚀 Feature Proposal

Add information in your documentation that this code runs very easily within MS Windows after downloading and installing Python 3.X. I struggled trying to get the code running in Ubuntu for a long time before realizing that Python is available for Windows. After installing Python your install command ran correctly and the app runs very well.

Motivation

Example

Please provide an example for how this feature would be used.

Pitch

Why does this feature belong in this project?
Hopefully adding this information will make it easier for Windows only IT to run this utility to check their Netscalers.

SSLV3_Alert_Handshake_Failure

UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf6 in position 1144: invalid start byte

🐛 Bug Report

$ cve-2019-19781 citrix.beispiel.de
Traceback (most recent call last):
  File "/home/ehret/.local/bin/cve-2019-19781", line 11, in <module>
    load_entry_point('cve-2019-19781', 'console_scripts', 'cve-2019-19781')()
  File "/tmp/check-cve-2019-19781/src/check_cve/check.py", line 117, in main
    if is_vulnerable(host, retries, timeout):
  File "/tmp/check-cve-2019-19781/src/check_cve/check.py", line 64, in is_vulnerable
    decoded_data = response.data.decode()
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf6 in position 1144: invalid start byte

Installation Error when using Python 2

🐛 Bug Report

Error on install using Kali Linux.

To Reproduce

Steps to reproduce the behavior:

Install Kali Linux (https://www.kali.org/downloads/)
Update/Upgrade to latest version (apt-get update && apt-get upgrade && apt-get dist-upgrade)
Follow "Installation steps" "From source:" at https://github.com/cisagov/check-cve-2019-19781

Expected behavior

I would expect to be able to run the commands described in the "Usage" section of https://github.com/cisagov/check-cve-2019-19781

Any helpful log output

root@kali:~/check-cve-2019-19781# pip install -r requirements.txt 
Obtaining file:///root/check-cve-2019-19781 (from -r requirements.txt (line 1))
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/root/check-cve-2019-19781/setup.py", line 38, in <module>
        long_description=readme(),
      File "/root/check-cve-2019-19781/setup.py", line 21, in readme
        with open("README.md", encoding="utf-8") as f:
    TypeError: 'encoding' is an invalid keyword argument for this function
    
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /root/check-cve-2019-19781/
root@kali:~/check-cve-2019-19781#

cisagov / check-cve-2019-19781 Goto Github PK

check-cve-2019-19781's Introduction

check-cve-2019-19781 🔎🐞

Requirements

Installation

Usage

Contributing

License

check-cve-2019-19781's People

Contributors

Stargazers

Watchers

Forkers

check-cve-2019-19781's Issues

🐛 Bug Report

To Reproduce

Expected behavior

🚀 Feature Proposal

Motivation

Example

Pitch

🐛 Bug Report

🐛 Bug Report

To Reproduce

Expected behavior

Any helpful log output

Recommend Projects

Recommend Topics

Recommend Org