View Issue Details

ID: 0006206
Project: Kali Linux
Category: Kali Package Bug
View Status: public
Last Update: 2020-12-01 10:42
Reporter: aech66
Assigned To: (unassigned)
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: open
Product Version: 2020.1
Summary: 0006206: sudo apt dist-upgrade breaks searchsploit results
Description

Starting with a Kali 2020.1 VirtualBox last updated TWO WEEKS AGO.
Default installation with kali-linux-large installed.

command: searchsploit --nmap scan.xml -v
(using the scan.xml file attached to this bug report)
gives satisfactory results, including both OpenSSH exploits and a Nostromo exploit
(see attached file before.txt)

When just updating this single package to the newest:
sudo apt install exploitdb
it doesn't change anything, still working fine.

But after full system upgrade:
sudo apt update && sudo apt dist-upgrade -y
the results become incomplete, only some results for OpenSSH show, and not even all of them.
(see attached file after.txt)

So the update of SOME OTHER package than exploitdb breaks the search results for searchsploit when using the --nmap flag.

Steps To Reproduce

I couldn't reproduce it on a live CD, but on an installed system it happens each time: just take an older system, e.g. Kali 2019.4, and it works; then dist-upgrade and it goes wrong.
I tested it with different xml files from different nmap scans and each time the results are incomplete.
At this point I wouldn't know where to start troubleshooting.

Attached Files
after (5,248 bytes)   
-------------------------------------------------------------------------------------------------------------------- ----------------------------------------
 Exploit Title                                                                                                      |  Path
                                                                                                                    | (/usr/share/exploitdb/)
-------------------------------------------------------------------------------------------------------------------- ----------------------------------------
Debian OpenSSH - (Authenticated) Remote SELinux Privilege Escalation                                                | exploits/linux/remote/6094.txt
Dropbear / OpenSSH Server - 'MAX_UNAUTH_CLIENTS' Denial of Service                                                  | exploits/multiple/dos/1572.pl
FreeBSD OpenSSH 3.5p1 - Remote Command Execution                                                                    | exploits/freebsd/remote/17462.txt
Novell Netware 6.5 - OpenSSH Remote Stack Overflow                                                                  | exploits/novell/dos/14866.txt
OpenSSH 1.2 - '.scp' File Create/Overwrite                                                                          | exploits/linux/remote/20253.sh
OpenSSH 2.3 < 7.7 - Username Enumeration                                                                            | exploits/linux/remote/45233.py
OpenSSH 2.3 < 7.7 - Username Enumeration (PoC)                                                                      | exploits/linux/remote/45210.py
OpenSSH 2.x/3.0.1/3.0.2 - Channel Code Off-by-One                                                                   | exploits/unix/remote/21314.txt
OpenSSH 2.x/3.x - Kerberos 4 TGT/AFS Token Buffer Overflow                                                          | exploits/linux/remote/21402.txt
OpenSSH 3.x - Challenge-Response Buffer Overflow (1)                                                                | exploits/unix/remote/21578.txt
OpenSSH 3.x - Challenge-Response Buffer Overflow (2)                                                                | exploits/unix/remote/21579.txt
OpenSSH 4.3 p1 - Duplicated Block Remote Denial of Service                                                          | exploits/multiple/dos/2444.sh
OpenSSH 6.8 < 6.9 - 'PTY' Local Privilege Escalation                                                                | exploits/linux/local/41173.c
OpenSSH 7.2 - Denial of Service                                                                                     | exploits/linux/dos/40888.py
OpenSSH 7.2p1 - (Authenticated) xauth Command Injection                                                             | exploits/multiple/remote/39569.py
OpenSSH 7.2p2 - Username Enumeration                                                                                | exploits/linux/remote/40136.py
OpenSSH < 6.6 SFTP (x64) - Command Execution                                                                        | exploits/linux_x86-64/remote/45000.c
OpenSSH < 6.6 SFTP - Command Execution                                                                              | exploits/linux/remote/45001.py
OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation                | exploits/linux/local/40962.txt
OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading                                                            | exploits/linux/remote/40963.txt
OpenSSH < 7.7 - User Enumeration (2)                                                                                | exploits/linux/remote/45939.py
OpenSSH SCP Client - Write Arbitrary Files                                                                          | exploits/multiple/remote/46516.py
OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident                                                                 | exploits/linux/remote/26.sh
OpenSSH/PAM 3.6.1p1 - Remote Users Discovery Tool                                                                   | exploits/linux/remote/25.c
OpenSSHd 7.2p2 - Username Enumeration                                                                               | exploits/linux/remote/40113.txt
Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack                                                                | exploits/multiple/remote/3303.sh
glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - File Read                                                              | exploits/linux/local/258.sh
-------------------------------------------------------------------------------------------------------------------- ----------------------------------------
Shellcodes: No Result


before.txt (10,636 bytes)   
---------------------------------------------------------------------------------------------- ----------------------------------------
 Exploit Title                                                                                |  Path
                                                                                              | (/usr/share/exploitdb/)
---------------------------------------------------------------------------------------------- ----------------------------------------
Debian OpenSSH - (Authenticated) Remote SELinux Privilege Escalation                          | exploits/linux/remote/6094.txt
Dropbear / OpenSSH Server - 'MAX_UNAUTH_CLIENTS' Denial of Service                            | exploits/multiple/dos/1572.pl
FreeBSD OpenSSH 3.5p1 - Remote Command Execution                                              | exploits/freebsd/remote/17462.txt
Novell Netware 6.5 - OpenSSH Remote Stack Overflow                                            | exploits/novell/dos/14866.txt
OpenSSH 1.2 - '.scp' File Create/Overwrite                                                    | exploits/linux/remote/20253.sh
OpenSSH 2.3 < 7.7 - Username Enumeration                                                      | exploits/linux/remote/45233.py
OpenSSH 2.3 < 7.7 - Username Enumeration (PoC)                                                | exploits/linux/remote/45210.py
OpenSSH 2.x/3.0.1/3.0.2 - Channel Code Off-by-One                                             | exploits/unix/remote/21314.txt
OpenSSH 2.x/3.x - Kerberos 4 TGT/AFS Token Buffer Overflow                                    | exploits/linux/remote/21402.txt
OpenSSH 3.x - Challenge-Response Buffer Overflow (1)                                          | exploits/unix/remote/21578.txt
OpenSSH 3.x - Challenge-Response Buffer Overflow (2)                                          | exploits/unix/remote/21579.txt
OpenSSH 4.3 p1 - Duplicated Block Remote Denial of Service                                    | exploits/multiple/dos/2444.sh
OpenSSH 6.8 < 6.9 - 'PTY' Local Privilege Escalation                                          | exploits/linux/local/41173.c
OpenSSH 7.2 - Denial of Service                                                               | exploits/linux/dos/40888.py
OpenSSH 7.2p1 - (Authenticated) xauth Command Injection                                       | exploits/multiple/remote/39569.py
OpenSSH 7.2p2 - Username Enumeration                                                          | exploits/linux/remote/40136.py
OpenSSH < 6.6 SFTP (x64) - Command Execution                                                  | exploits/linux_x86-64/remote/45000.c
OpenSSH < 6.6 SFTP - Command Execution                                                        | exploits/linux/remote/45001.py
OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Esc | exploits/linux/local/40962.txt
OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading                                      | exploits/linux/remote/40963.txt
OpenSSH < 7.7 - User Enumeration (2)                                                          | exploits/linux/remote/45939.py
OpenSSH SCP Client - Write Arbitrary Files                                                    | exploits/multiple/remote/46516.py
OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident                                           | exploits/linux/remote/26.sh
OpenSSH/PAM 3.6.1p1 - Remote Users Discovery Tool                                             | exploits/linux/remote/25.c
OpenSSHd 7.2p2 - Username Enumeration                                                         | exploits/linux/remote/40113.txt
Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack                                          | exploits/multiple/remote/3303.sh
glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - File Read                                        | exploits/linux/local/258.sh
---------------------------------------------------------------------------------------------- ----------------------------------------
Shellcodes: No Result


---------------------------------------------------------------------------------------------- ----------------------------------------
 Exploit Title                                                                                |  Path
                                                                                              | (/usr/share/exploitdb/)
---------------------------------------------------------------------------------------------- ----------------------------------------
OpenSSH 2.3 < 7.7 - Username Enumeration                                                      | exploits/linux/remote/45233.py
OpenSSH 2.3 < 7.7 - Username Enumeration (PoC)                                                | exploits/linux/remote/45210.py
OpenSSH 7.2 - Denial of Service                                                               | exploits/linux/dos/40888.py
OpenSSH 7.2p1 - (Authenticated) xauth Command Injection                                       | exploits/multiple/remote/39569.py
OpenSSH 7.2p2 - Username Enumeration                                                          | exploits/linux/remote/40136.py
OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Esc | exploits/linux/local/40962.txt
OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading                                      | exploits/linux/remote/40963.txt
OpenSSH < 7.7 - User Enumeration (2)                                                          | exploits/linux/remote/45939.py
OpenSSHd 7.2p2 - Username Enumeration                                                         | exploits/linux/remote/40113.txt
---------------------------------------------------------------------------------------------- ----------------------------------------
Shellcodes: No Result


---------------------------------------------------------------------------------------------- ----------------------------------------
 Exploit Title                                                                                |  Path
                                                                                              | (/usr/share/exploitdb/)
---------------------------------------------------------------------------------------------- ----------------------------------------
Nostromo - Directory Traversal Remote Command Execution (Metasploit)                          | exploits/multiple/remote/47573.rb
nostromo 1.9.6 - Remote Code Execution                                                        | exploits/multiple/remote/47837.py
nostromo nhttpd 1.9.3 - Directory Traversal Remote Command Execution                          | exploits/linux/remote/35466.sh
---------------------------------------------------------------------------------------------- ----------------------------------------
Shellcodes: No Result


---------------------------------------------------------------------------------------------- ----------------------------------------
 Exploit Title                                                                                |  Path
                                                                                              | (/usr/share/exploitdb/)
---------------------------------------------------------------------------------------------- ----------------------------------------
nostromo 1.9.6 - Remote Code Execution                                                        | exploits/multiple/remote/47837.py
nostromo nhttpd 1.9.3 - Directory Traversal Remote Command Execution                          | exploits/linux/remote/35466.sh
---------------------------------------------------------------------------------------------- ----------------------------------------
Shellcodes: No Result


---------------------------------------------------------------------------------------------- ----------------------------------------
 Exploit Title                                                                                |  Path
                                                                                              | (/usr/share/exploitdb/)
---------------------------------------------------------------------------------------------- ----------------------------------------
nostromo 1.9.6 - Remote Code Execution                                                        | exploits/multiple/remote/47837.py
nostromo nhttpd 1.9.3 - Directory Traversal Remote Command Execution                          | exploits/linux/remote/35466.sh
---------------------------------------------------------------------------------------------- ----------------------------------------
Shellcodes: No Result


---------------------------------------------------------------------------------------------- ----------------------------------------
 Exploit Title                                                                                |  Path
                                                                                              | (/usr/share/exploitdb/)
---------------------------------------------------------------------------------------------- ----------------------------------------
nostromo 1.9.6 - Remote Code Execution                                                        | exploits/multiple/remote/47837.py
---------------------------------------------------------------------------------------------- ----------------------------------------
Shellcodes: No Result


scan.xml (5,483 bytes)

Activities

aech66   2020-03-22 19:22   reporter   ~0012506

The cause has been traced to the following package: libxml2-utils.
When updating this package to the newest version 2.9.10+dfsg-4, searchsploit gets into trouble parsing XML files.
It shows only results for the first open port detected by nmap!

Maybe the libxml2-utils package affects other tools that depend on it.
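As an added example (not searchsploit's own code, which shells out to xmllint, the component the note above traces the breakage to): a direct ElementTree walk over nmap XML that lists the product and version of every open port on every host, which are the terms searchsploit --nmap queries per service. The sample scan is constructed here and is not the attached scan.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample in nmap -oX shape, modelled on the report's scenario
# (OpenSSH plus nostromo); it is not the attached scan.xml.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.2p2"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="nostromo" version="1.9.6"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed"/>
        <service name="https"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

def open_services(nmap_xml):
    """Return (addr, port, product, version) for every open port of every
    host, so a second open port is never dropped as in the report above."""
    root = ET.fromstring(nmap_xml)
    found = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports carry nothing to search for
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            found.append((addr, int(port.get("portid")),
                          attrs.get("product", ""), attrs.get("version", "")))
    return found

def search_terms(nmap_xml):
    """One deduplicated 'product version' term per open service; this is the
    string each per-service searchsploit query would be run with."""
    terms = []
    for _addr, _port, product, version in open_services(nmap_xml):
        term = " ".join(t for t in (product, version) if t)
        if term and term not in terms:
            terms.append(term)
    return terms
```

Comparing len(open_services(...)) against the number of open ports in the scan is the quick check for the failure mode in this report, where only the first open port's service was returned.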

aech66   2020-03-31 13:13   reporter   ~0012572

Since neither the exploitdb package nor the libxml2-utils package has the word kali in it, I reported this issue directly on the exploitdb GitHub:

https://github.com/offensive-security/exploitdb/issues/158

g0tmi1k   2020-12-01 10:42   administrator   ~0013867

This report has been filed against an old version of Kali. We will be closing this ticket due to inactivity.
Please could you see if you are able to replicate this issue with the latest version of Kali Linux (https://www.kali.org/downloads/)?
If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information about the issue you are facing, and also give information about your setup?
For more information, please read: https://kali.training/topic/filing-a-good-bug-report/

Issue History

Date Modified Username Field Change
2020-03-20 16:20 aech66 New Issue
2020-03-20 16:20 aech66 File Added: after
2020-03-20 16:20 aech66 File Added: before.txt
2020-03-20 16:20 aech66 File Added: scan.xml
2020-03-22 19:22 aech66 Note Added: 0012506
2020-03-31 13:13 aech66 Note Added: 0012572
2020-12-01 10:42 g0tmi1k Note Added: 0013867
2020-12-01 10:42 g0tmi1k Status new => closed