mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-12-22 14:05:22 +01:00
Fixed tests.
This commit is contained in:
parent
1bdf7029b4
commit
c6b8dc97e1
@ -6,7 +6,10 @@
|
|||||||
[0;32m(gen) compression: enabled (zlib)[0m
|
[0;32m(gen) compression: enabled (zlib)[0m
|
||||||
|
|
||||||
[0;36m# security[0m
|
[0;36m# security[0m
|
||||||
[0;33m(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies[0m
|
[0;33m(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
|
||||||
|
[0;33m(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies[0m
|
||||||
|
[0;33m(cve) CVE-2017-15906 -- (CVSSv2: 5.3) readonly bypass via sftp[0m
|
||||||
|
[0;33m(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
|
||||||
[0;33m(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
|
[0;33m(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
|
||||||
[0;33m(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
|
[0;33m(cve) CVE-2014-1692 -- (CVSSv2: 7.5) cause DoS via triggering error condition (memory corruption)[0m
|
||||||
[0;33m(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages[0m
|
[0;33m(cve) CVE-2012-0814 -- (CVSSv2: 3.5) leak data via debug messages[0m
|
||||||
|
@ -5,7 +5,10 @@
|
|||||||
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
||||||
|
|
||||||
[0;36m# security[0m
|
[0;36m# security[0m
|
||||||
[0;33m(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies[0m
|
[0;33m(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
|
||||||
|
[0;33m(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies[0m
|
||||||
|
[0;33m(cve) CVE-2017-15906 -- (CVSSv2: 5.3) readonly bypass via sftp[0m
|
||||||
|
[0;33m(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
|
||||||
[0;33m(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
|
[0;33m(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
|
||||||
[0;33m(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
|
[0;33m(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
|
||||||
[0;33m(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
|
[0;33m(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
|
||||||
|
@ -5,7 +5,10 @@
|
|||||||
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
||||||
|
|
||||||
[0;36m# security[0m
|
[0;36m# security[0m
|
||||||
[0;33m(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies[0m
|
[0;33m(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
|
||||||
|
[0;33m(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies[0m
|
||||||
|
[0;33m(cve) CVE-2017-15906 -- (CVSSv2: 5.3) readonly bypass via sftp[0m
|
||||||
|
[0;33m(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
|
||||||
[0;33m(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
|
[0;33m(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
|
||||||
[0;33m(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
|
[0;33m(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
|
||||||
[0;33m(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
|
[0;33m(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
|
||||||
|
@ -5,7 +5,10 @@
|
|||||||
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
||||||
|
|
||||||
[0;36m# security[0m
|
[0;36m# security[0m
|
||||||
[0;33m(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies[0m
|
[0;33m(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
|
||||||
|
[0;33m(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies[0m
|
||||||
|
[0;33m(cve) CVE-2017-15906 -- (CVSSv2: 5.3) readonly bypass via sftp[0m
|
||||||
|
[0;33m(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
|
||||||
[0;33m(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
|
[0;33m(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
|
||||||
[0;33m(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
|
[0;33m(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
|
||||||
[0;33m(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
|
[0;33m(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
|
||||||
|
@ -5,7 +5,10 @@
|
|||||||
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
||||||
|
|
||||||
[0;36m# security[0m
|
[0;36m# security[0m
|
||||||
[0;33m(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies[0m
|
[0;33m(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
|
||||||
|
[0;33m(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies[0m
|
||||||
|
[0;33m(cve) CVE-2017-15906 -- (CVSSv2: 5.3) readonly bypass via sftp[0m
|
||||||
|
[0;33m(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
|
||||||
[0;33m(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
|
[0;33m(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
|
||||||
[0;33m(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
|
[0;33m(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
|
||||||
[0;33m(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
|
[0;33m(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
|
||||||
|
@ -5,7 +5,10 @@
|
|||||||
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
||||||
|
|
||||||
[0;36m# security[0m
|
[0;36m# security[0m
|
||||||
[0;33m(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepencies[0m
|
[0;33m(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
|
||||||
|
[0;33m(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies[0m
|
||||||
|
[0;33m(cve) CVE-2017-15906 -- (CVSSv2: 5.3) readonly bypass via sftp[0m
|
||||||
|
[0;33m(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
|
||||||
[0;33m(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
|
[0;33m(cve) CVE-2016-3115 -- (CVSSv2: 5.5) bypass command restrictions via crafted X11 forwarding data[0m
|
||||||
[0;33m(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
|
[0;33m(cve) CVE-2016-1907 -- (CVSSv2: 5.0) cause DoS via crafted network traffic (out of bounds read)[0m
|
||||||
[0;33m(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
|
[0;33m(cve) CVE-2015-6564 -- (CVSSv2: 6.9) privilege escalation via leveraging sshd uid[0m
|
||||||
|
@ -4,6 +4,12 @@
|
|||||||
[0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+[0m
|
[0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+[0m
|
||||||
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
||||||
|
|
||||||
|
[0;36m# security[0m
|
||||||
|
[0;33m(cve) CVE-2021-41617 -- (CVSSv2: 7.0) privilege escalation via supplemental groups[0m
|
||||||
|
[0;33m(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
|
||||||
|
[0;33m(cve) CVE-2019-16905 -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow[0m
|
||||||
|
[0;33m(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
|
||||||
|
|
||||||
[0;36m# key exchange algorithms[0m
|
[0;36m# key exchange algorithms[0m
|
||||||
[0;32m(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
|
[0;32m(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
|
||||||
[0;32m(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
|
[0;32m(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
|
||||||
|
@ -4,6 +4,12 @@
|
|||||||
[0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+[0m
|
[0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+[0m
|
||||||
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
||||||
|
|
||||||
|
[0;36m# security[0m
|
||||||
|
[0;33m(cve) CVE-2021-41617 -- (CVSSv2: 7.0) privilege escalation via supplemental groups[0m
|
||||||
|
[0;33m(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
|
||||||
|
[0;33m(cve) CVE-2019-16905 -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow[0m
|
||||||
|
[0;33m(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
|
||||||
|
|
||||||
[0;36m# key exchange algorithms[0m
|
[0;36m# key exchange algorithms[0m
|
||||||
[0;32m(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
|
[0;32m(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
|
||||||
[0;32m(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
|
[0;32m(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
|
||||||
|
@ -4,6 +4,12 @@
|
|||||||
[0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+[0m
|
[0;32m(gen) compatibility: OpenSSH 7.4+, Dropbear SSH 2018.76+[0m
|
||||||
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
[0;32m(gen) compression: enabled (zlib@openssh.com)[0m
|
||||||
|
|
||||||
|
[0;36m# security[0m
|
||||||
|
[0;33m(cve) CVE-2021-41617 -- (CVSSv2: 7.0) privilege escalation via supplemental groups[0m
|
||||||
|
[0;33m(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers[0m
|
||||||
|
[0;33m(cve) CVE-2019-16905 -- (CVSSv2: 7.8) memory corruption and local code execution via pre-authentication integer overflow[0m
|
||||||
|
[0;33m(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response[0m
|
||||||
|
|
||||||
[0;36m# key exchange algorithms[0m
|
[0;36m# key exchange algorithms[0m
|
||||||
[0;32m(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
|
[0;32m(kex) curve25519-sha256 -- [info] available since OpenSSH 7.4, Dropbear SSH 2018.76[0m
|
||||||
[0;32m(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
|
[0;32m(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62[0m
|
||||||
|
@ -138,7 +138,7 @@ class TestSSH1:
|
|||||||
self.audit(out, self._conf())
|
self.audit(out, self._conf())
|
||||||
out.write()
|
out.write()
|
||||||
lines = output_spy.flush()
|
lines = output_spy.flush()
|
||||||
assert len(lines) == 17
|
assert len(lines) == 21
|
||||||
|
|
||||||
def test_ssh1_server_invalid_first_packet(self, output_spy, virtual_socket):
|
def test_ssh1_server_invalid_first_packet(self, output_spy, virtual_socket):
|
||||||
vsocket = virtual_socket
|
vsocket = virtual_socket
|
||||||
@ -153,7 +153,7 @@ class TestSSH1:
|
|||||||
out.write()
|
out.write()
|
||||||
assert ret != 0
|
assert ret != 0
|
||||||
lines = output_spy.flush()
|
lines = output_spy.flush()
|
||||||
assert len(lines) == 10
|
assert len(lines) == 14
|
||||||
assert 'unknown message' in lines[-1]
|
assert 'unknown message' in lines[-1]
|
||||||
|
|
||||||
def test_ssh1_server_invalid_checksum(self, output_spy, virtual_socket):
|
def test_ssh1_server_invalid_checksum(self, output_spy, virtual_socket):
|
||||||
|
@ -147,7 +147,7 @@ class TestSSH2:
|
|||||||
self.audit(out, self._conf())
|
self.audit(out, self._conf())
|
||||||
out.write()
|
out.write()
|
||||||
lines = output_spy.flush()
|
lines = output_spy.flush()
|
||||||
assert len(lines) == 70
|
assert len(lines) == 74
|
||||||
|
|
||||||
def test_ssh2_server_invalid_first_packet(self, output_spy, virtual_socket):
|
def test_ssh2_server_invalid_first_packet(self, output_spy, virtual_socket):
|
||||||
vsocket = virtual_socket
|
vsocket = virtual_socket
|
||||||
@ -161,5 +161,5 @@ class TestSSH2:
|
|||||||
out.write()
|
out.write()
|
||||||
assert ret != 0
|
assert ret != 0
|
||||||
lines = output_spy.flush()
|
lines = output_spy.flush()
|
||||||
assert len(lines) == 5
|
assert len(lines) == 9
|
||||||
assert 'unknown message' in lines[-1]
|
assert 'unknown message' in lines[-1]
|
||||||
|
Loading…
Reference in New Issue
Block a user