View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006206 | Kali Linux | Kali Package Bug | public | 2020-03-20 16:20 | 2020-12-01 10:42 |
Reporter | aech66 | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | open | ||
Product Version | 2020.1 | ||||
Summary | 0006206: sudo apt dist-upgrade breaks searchsploit results | ||||
Description | starting with a Kali 2020.1 virtualbox last updated TWO WEEKS AGO. command: searchsploit --nmap scan.xml -v when just updating this single package to the newest: But after full system upgrade: So the update of SOME OTHER package then exploitdb breaks the search results for searchsploit when using the --nmap flag | ||||
Steps To Reproduce | I couldn't reproduce on live cd, but on an installed system it happens each time, just take an older system, eg Kali 2019.4 and it works, then dist-upgrade and it goes wrong. | ||||
Attached Files | after (5,248 bytes)
-------------------------------------------------------------------------------------------------------------------- ---------------------------------------- Exploit Title | Path | (/usr/share/exploitdb/) -------------------------------------------------------------------------------------------------------------------- ---------------------------------------- Debian [01;31m[KOpenSSH[m[K - (Authenticated) Remote SELinux Privilege Escalation | exploits/linux/remote/6094.txt Dropbear / [01;31m[KOpenSSH[m[K Server - 'MAX_UNAUTH_CLIENTS' Denial of Service | exploits/multiple/dos/1572.pl FreeBSD [01;31m[KOpenSSH[m[K 3.5p1 - Remote Command Execution | exploits/freebsd/remote/17462.txt Novell Netware 6.5 - [01;31m[KOpenSSH[m[K Remote Stack Overflow | exploits/novell/dos/14866.txt [01;31m[KOpenSSH[m[K 1.2 - '.scp' File Create/Overwrite | exploits/linux/remote/20253.sh [01;31m[KOpenSSH[m[K 2.3 < 7.7 - Username Enumeration | exploits/linux/remote/45233.py [01;31m[KOpenSSH[m[K 2.3 < 7.7 - Username Enumeration (PoC) | exploits/linux/remote/45210.py [01;31m[KOpenSSH[m[K 2.x/3.0.1/3.0.2 - Channel Code Off-by-One | exploits/unix/remote/21314.txt [01;31m[KOpenSSH[m[K 2.x/3.x - Kerberos 4 TGT/AFS Token Buffer Overflow | exploits/linux/remote/21402.txt [01;31m[KOpenSSH[m[K 3.x - Challenge-Response Buffer Overflow (1) | exploits/unix/remote/21578.txt [01;31m[KOpenSSH[m[K 3.x - Challenge-Response Buffer Overflow (2) | exploits/unix/remote/21579.txt [01;31m[KOpenSSH[m[K 4.3 p1 - Duplicated Block Remote Denial of Service | exploits/multiple/dos/2444.sh [01;31m[KOpenSSH[m[K 6.8 < 6.9 - 'PTY' Local Privilege Escalation | exploits/linux/local/41173.c [01;31m[KOpenSSH[m[K 7.2 - Denial of Service | exploits/linux/dos/40888.py [01;31m[KOpenSSH[m[K 7.2p1 - (Authenticated) xauth Command Injection | exploits/multiple/remote/39569.py [01;31m[KOpenSSH[m[K 7.2p2 - Username Enumeration | exploits/linux/remote/40136.py [01;31m[KOpenSSH[m[K < 6.6 SFTP (x64) - Command Execution | exploits/linux_x86-64/remote/45000.c [01;31m[KOpenSSH[m[K < 6.6 SFTP - Command Execution | exploits/linux/remote/45001.py [01;31m[KOpenSSH[m[K < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation | exploits/linux/local/40962.txt [01;31m[KOpenSSH[m[K < 7.4 - agent Protocol Arbitrary Library Loading | exploits/linux/remote/40963.txt [01;31m[KOpenSSH[m[K < 7.7 - User Enumeration (2) | exploits/linux/remote/45939.py [01;31m[KOpenSSH[m[K SCP Client - Write Arbitrary Files | exploits/multiple/remote/46516.py [01;31m[KOpenSSH[m[K/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident | exploits/linux/remote/26.sh [01;31m[KOpenSSH[m[K/PAM 3.6.1p1 - Remote Users Discovery Tool | exploits/linux/remote/25.c [01;31m[KOpenSSH[m[Kd 7.2p2 - Username Enumeration | exploits/linux/remote/40113.txt Portable [01;31m[KOpenSSH[m[K 3.6.1p-PAM/4.1-SuSE - Timing Attack | exploits/multiple/remote/3303.sh glibc-2.2 / [01;31m[Kopenssh[m[K-2.3.0p1 / glibc 2.1.9x - File Read | exploits/linux/local/258.sh -------------------------------------------------------------------------------------------------------------------- ---------------------------------------- Shellcodes: No Result before.txt (10,636 bytes)
---------------------------------------------------------------------------------------------- ---------------------------------------- Exploit Title | Path | (/usr/share/exploitdb/) ---------------------------------------------------------------------------------------------- ---------------------------------------- Debian [01;31m[KOpenSSH[m[K - (Authenticated) Remote SELinux Privilege Escalation | exploits/linux/remote/6094.txt Dropbear / [01;31m[KOpenSSH[m[K Server - 'MAX_UNAUTH_CLIENTS' Denial of Service | exploits/multiple/dos/1572.pl FreeBSD [01;31m[KOpenSSH[m[K 3.5p1 - Remote Command Execution | exploits/freebsd/remote/17462.txt Novell Netware 6.5 - [01;31m[KOpenSSH[m[K Remote Stack Overflow | exploits/novell/dos/14866.txt [01;31m[KOpenSSH[m[K 1.2 - '.scp' File Create/Overwrite | exploits/linux/remote/20253.sh [01;31m[KOpenSSH[m[K 2.3 < 7.7 - Username Enumeration | exploits/linux/remote/45233.py [01;31m[KOpenSSH[m[K 2.3 < 7.7 - Username Enumeration (PoC) | exploits/linux/remote/45210.py [01;31m[KOpenSSH[m[K 2.x/3.0.1/3.0.2 - Channel Code Off-by-One | exploits/unix/remote/21314.txt [01;31m[KOpenSSH[m[K 2.x/3.x - Kerberos 4 TGT/AFS Token Buffer Overflow | exploits/linux/remote/21402.txt [01;31m[KOpenSSH[m[K 3.x - Challenge-Response Buffer Overflow (1) | exploits/unix/remote/21578.txt [01;31m[KOpenSSH[m[K 3.x - Challenge-Response Buffer Overflow (2) | exploits/unix/remote/21579.txt [01;31m[KOpenSSH[m[K 4.3 p1 - Duplicated Block Remote Denial of Service | exploits/multiple/dos/2444.sh [01;31m[KOpenSSH[m[K 6.8 < 6.9 - 'PTY' Local Privilege Escalation | exploits/linux/local/41173.c [01;31m[KOpenSSH[m[K 7.2 - Denial of Service | exploits/linux/dos/40888.py [01;31m[KOpenSSH[m[K 7.2p1 - (Authenticated) xauth Command Injection | exploits/multiple/remote/39569.py [01;31m[KOpenSSH[m[K 7.2p2 - Username Enumeration | exploits/linux/remote/40136.py [01;31m[KOpenSSH[m[K < 6.6 SFTP (x64) - Command Execution | exploits/linux_x86-64/remote/45000.c [01;31m[KOpenSSH[m[K < 6.6 SFTP - Command Execution | exploits/linux/remote/45001.py [01;31m[KOpenSSH[m[K < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Esc | exploits/linux/local/40962.txt [01;31m[KOpenSSH[m[K < 7.4 - agent Protocol Arbitrary Library Loading | exploits/linux/remote/40963.txt [01;31m[KOpenSSH[m[K < 7.7 - User Enumeration (2) | exploits/linux/remote/45939.py [01;31m[KOpenSSH[m[K SCP Client - Write Arbitrary Files | exploits/multiple/remote/46516.py [01;31m[KOpenSSH[m[K/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident | exploits/linux/remote/26.sh [01;31m[KOpenSSH[m[K/PAM 3.6.1p1 - Remote Users Discovery Tool | exploits/linux/remote/25.c [01;31m[KOpenSSH[m[Kd 7.2p2 - Username Enumeration | exploits/linux/remote/40113.txt Portable [01;31m[KOpenSSH[m[K 3.6.1p-PAM/4.1-SuSE - Timing Attack | exploits/multiple/remote/3303.sh glibc-2.2 / [01;31m[Kopenssh[m[K-2.3.0p1 / glibc 2.1.9x - File Read | exploits/linux/local/258.sh ---------------------------------------------------------------------------------------------- ---------------------------------------- Shellcodes: No Result ---------------------------------------------------------------------------------------------- ---------------------------------------- Exploit Title | Path | (/usr/share/exploitdb/) ---------------------------------------------------------------------------------------------- ---------------------------------------- [01;31m[KOpenSSH[m[K 2.3 < [01;31m[K7[m[K.[01;31m[K7[m[K - Username Enumeration | exploits/linux/remote/45233.py [01;31m[KOpenSSH[m[K 2.3 < [01;31m[K7[m[K.[01;31m[K7[m[K - Username Enumeration (PoC) | exploits/linux/remote/45210.py [01;31m[KOpenSSH[m[K [01;31m[K7[m[K.2 - Denial of Service | exploits/linux/dos/40888.py [01;31m[KOpenSSH[m[K [01;31m[K7[m[K.2p1 - (Authenticated) xauth Command Injection | exploits/multiple/remote/39569.py [01;31m[KOpenSSH[m[K [01;31m[K7[m[K.2p2 - Username Enumeration | exploits/linux/remote/40136.py [01;31m[KOpenSSH[m[K < [01;31m[K7[m[K.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Esc | exploits/linux/local/40962.txt [01;31m[KOpenSSH[m[K < [01;31m[K7[m[K.4 - agent Protocol Arbitrary Library Loading | exploits/linux/remote/40963.txt [01;31m[KOpenSSH[m[K < [01;31m[K7[m[K.[01;31m[K7[m[K - User Enumeration (2) | exploits/linux/remote/45939.py [01;31m[KOpenSSH[m[Kd [01;31m[K7[m[K.2p2 - Username Enumeration | exploits/linux/remote/40113.txt ---------------------------------------------------------------------------------------------- ---------------------------------------- Shellcodes: No Result ---------------------------------------------------------------------------------------------- ---------------------------------------- Exploit Title | Path | (/usr/share/exploitdb/) ---------------------------------------------------------------------------------------------- ---------------------------------------- [01;31m[KNostromo[m[K - Directory Traversal Remote Command Execution (Metasploit) | exploits/multiple/remote/47573.rb [01;31m[Knostromo[m[K 1.9.6 - Remote Code Execution | exploits/multiple/remote/47837.py [01;31m[Knostromo[m[K nhttpd 1.9.3 - Directory Traversal Remote Command Execution | exploits/linux/remote/35466.sh ---------------------------------------------------------------------------------------------- ---------------------------------------- Shellcodes: No Result ---------------------------------------------------------------------------------------------- ---------------------------------------- Exploit Title | Path | (/usr/share/exploitdb/) ---------------------------------------------------------------------------------------------- ---------------------------------------- [01;31m[Knostromo[m[K [01;31m[K1[m[K.9.6 - Remote Code Execution | exploits/multiple/remote/47837.py [01;31m[Knostromo[m[K nhttpd [01;31m[K1[m[K.9.3 - Directory Traversal Remote Command Execution | exploits/linux/remote/35466.sh ---------------------------------------------------------------------------------------------- ---------------------------------------- Shellcodes: No Result ---------------------------------------------------------------------------------------------- ---------------------------------------- Exploit Title | Path | (/usr/share/exploitdb/) ---------------------------------------------------------------------------------------------- ---------------------------------------- [01;31m[Knostromo[m[K [01;31m[K1[m[K.[01;31m[K9[m[K.6 - Remote Code Execution | exploits/multiple/remote/47837.py [01;31m[Knostromo[m[K nhttpd [01;31m[K1[m[K.[01;31m[K9[m[K.3 - Directory Traversal Remote Command Execution | exploits/linux/remote/35466.sh ---------------------------------------------------------------------------------------------- ---------------------------------------- Shellcodes: No Result ---------------------------------------------------------------------------------------------- ---------------------------------------- Exploit Title | Path | (/usr/share/exploitdb/) ---------------------------------------------------------------------------------------------- ---------------------------------------- [01;31m[Knostromo[m[K [01;31m[K1[m[K.[01;31m[K9[m[K.[01;31m[K6[m[K - Remote Code Execution | exploits/multiple/remote/47837.py ---------------------------------------------------------------------------------------------- ---------------------------------------- Shellcodes: No Result | ||||
The cause has been traced to the following package: libxml2-utils. Maybe the libxml2-utils package affects other tools that depend on it. |
|
Since neither exploitdb package and libxml2-utils package have the word kali in them, I reported this issue directly at the exploitdb git: |
|
This report has been filed against an old version of Kali. We will be closing this ticket due to inactivity. |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2020-03-20 16:20 | aech66 | New Issue | |
2020-03-20 16:20 | aech66 | File Added: after | |
2020-03-20 16:20 | aech66 | File Added: before.txt | |
2020-03-20 16:20 | aech66 | File Added: scan.xml | |
2020-03-22 19:22 | aech66 | Note Added: 0012506 | |
2020-03-31 13:13 | aech66 | Note Added: 0012572 | |
2020-12-01 10:42 | g0tmi1k | Note Added: 0013867 | |
2020-12-01 10:42 | g0tmi1k | Status | new => closed |