dumpit-linux's People

Contributors

mend-for-github-com[bot], msuiche, reccetech-ca, rmccrystal

dumpit-linux's Issues

vergen-7.4.3.crate: 3 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - vergen-7.4.3.crate

Found in HEAD commit: ff1328545be7a0c82f80f4b3686f867ef0be5adc

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in (vergen version) | Remediation Available
CVE-2022-37434 | High | 9.8 | detected in multiple dependencies | Transitive | N/A* |
CVE-2018-25032 | High | 7.5 | detected in multiple dependencies | Transitive | N/A* |
WS-2020-0368 | Medium | 6.5 | detected in multiple dependencies | Transitive | N/A* |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-37434

Vulnerable Libraries - libz-sys-1.1.8.crate, libgit2-sys-0.13.4+1.4.2.crate

libz-sys-1.1.8.crate

Low-level bindings to the system libz library (also known as zlib).

Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download

Dependency Hierarchy:

  • vergen-7.4.3.crate (Root Library)
    • git2-0.14.4.crate
      • libgit2-sys-0.13.4+1.4.2.crate
        • libz-sys-1.1.8.crate (Vulnerable Library)

libgit2-sys-0.13.4+1.4.2.crate

Native bindings to the libgit2 library

Library home page: https://crates.io/api/v1/crates/libgit2-sys/0.13.4+1.4.2/download

Dependency Hierarchy:

  • vergen-7.4.3.crate (Root Library)
    • git2-0.14.4.crate
      • libgit2-sys-0.13.4+1.4.2.crate (Vulnerable Library)

Found in HEAD commit: ff1328545be7a0c82f80f4b3686f867ef0be5adc

Found in base branch: main

Vulnerability Details

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Publish Date: 2022-08-05

URL: CVE-2022-37434

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

CVE-2018-25032

Vulnerable Libraries - libgit2-sys-0.13.4+1.4.2.crate, libz-sys-1.1.8.crate

libgit2-sys-0.13.4+1.4.2.crate

Native bindings to the libgit2 library

Library home page: https://crates.io/api/v1/crates/libgit2-sys/0.13.4+1.4.2/download

Dependency Hierarchy:

  • vergen-7.4.3.crate (Root Library)
    • git2-0.14.4.crate
      • libgit2-sys-0.13.4+1.4.2.crate (Vulnerable Library)

libz-sys-1.1.8.crate

Low-level bindings to the system libz library (also known as zlib).

Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download

Dependency Hierarchy:

  • vergen-7.4.3.crate (Root Library)
    • git2-0.14.4.crate
      • libgit2-sys-0.13.4+1.4.2.crate
        • libz-sys-1.1.8.crate (Vulnerable Library)

Found in HEAD commit: ff1328545be7a0c82f80f4b3686f867ef0be5adc

Found in base branch: main

Vulnerability Details

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Publish Date: 2022-03-25

URL: CVE-2018-25032

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-25032

Release Date: 2022-03-25

Fix Resolution: libstd-rs - 1.57.0;bioconductor-netreg - 1.13.1;tcl - 8.6.11;sudo - 1.8.32;bjam-native - 1.74.0;ccache - 4.1,3.3.4;libgit2 - 1.3.0;cmake - 3.19.5,3.7.2,3.7.0,3.22.0,3.17.3;slamdunk - 0.4.0;rsync - 3.2.1;cmake-native - 3.15.5,3.18.4,3.17.3,3.22.0,3.7.0;mentalist - 0.2.3;ghostscript - 9.55.0

WS-2020-0368

Vulnerable Libraries - libz-sys-1.1.8.crate, libgit2-sys-0.13.4+1.4.2.crate

libz-sys-1.1.8.crate

Low-level bindings to the system libz library (also known as zlib).

Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download

Dependency Hierarchy:

  • vergen-7.4.3.crate (Root Library)
    • git2-0.14.4.crate
      • libgit2-sys-0.13.4+1.4.2.crate
        • libz-sys-1.1.8.crate (Vulnerable Library)

libgit2-sys-0.13.4+1.4.2.crate

Native bindings to the libgit2 library

Library home page: https://crates.io/api/v1/crates/libgit2-sys/0.13.4+1.4.2/download

Dependency Hierarchy:

  • vergen-7.4.3.crate (Root Library)
    • git2-0.14.4.crate
      • libgit2-sys-0.13.4+1.4.2.crate (Vulnerable Library)

Found in HEAD commit: ff1328545be7a0c82f80f4b3686f867ef0be5adc

Found in base branch: main

Vulnerability Details

Zlib in versions v0.8 to v1.2.11 is vulnerable to use-of-uninitialized-value in inflate.
There are a couple of places in inflate() where UPDATE is called with state->check as its first parameter, without a guarantee that this value has been initialized (state comes from a ZALLOC in inflateInit). This causes use of uninitialized check value.

Publish Date: 2020-02-22

URL: WS-2020-0368

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/WS-2020-0368

Release Date: 2020-02-22

Fix Resolution: cmake-native - 3.15.5;binutils-cross-testsuite - 2.35;libstd-rs - 1.57.0;gdb - 11.1,9.2;tcl - 8.6.11;sudo - 1.8.32;binutils - 2.35,2.28;ccache - 3.3.3,4.1;libgit2 - 1.3.0;cmake - 3.19.5,3.7.0,3.7.2,3.22.0,3.17.3;cmake-native - 3.17.3,3.7.0,3.22.0,3.18.4;ghostscript - 9.55.0

thread 'main' panicked at 'assertion failed

Hey, Dear,
I'm just testing DumpIt for Linux and getting the following error. I researched a lot about it, but I couldn't find a solution/workaround.
I tried to run the tool on Kali and Ubuntu 20.04, too. The same happened in both cases.
The error is in the image:
[image: 2023-01-18 20_25_07-srv-dfir-01 - VMware Workstation]

Do you have any idea how to solve this issue?
Thank you!

vergen-7.4.2.crate: 3 vulnerabilities (highest severity is: 9.8)

Vulnerable Library - vergen-7.4.2.crate

Found in HEAD commit: e3cf3a870242cd915c832124a349c80d0da8fca4

Vulnerabilities

CVE | Severity | CVSS | Dependency | Type | Fixed in (vergen version) | Remediation Available
CVE-2022-37434 | High | 9.8 | detected in multiple dependencies | Transitive | N/A* |
CVE-2018-25032 | High | 7.5 | detected in multiple dependencies | Transitive | N/A* |
WS-2020-0368 | Medium | 6.5 | detected in multiple dependencies | Transitive | N/A* |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-37434

Vulnerable Libraries - libz-sys-1.1.8.crate, libgit2-sys-0.13.4+1.4.2.crate

libz-sys-1.1.8.crate

Low-level bindings to the system libz library (also known as zlib).

Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download

Dependency Hierarchy:

  • vergen-7.4.2.crate (Root Library)
    • git2-0.14.4.crate
      • libgit2-sys-0.13.4+1.4.2.crate
        • libz-sys-1.1.8.crate (Vulnerable Library)

libgit2-sys-0.13.4+1.4.2.crate

Native bindings to the libgit2 library

Library home page: https://crates.io/api/v1/crates/libgit2-sys/0.13.4+1.4.2/download

Dependency Hierarchy:

  • vergen-7.4.2.crate (Root Library)
    • git2-0.14.4.crate
      • libgit2-sys-0.13.4+1.4.2.crate (Vulnerable Library)

Found in HEAD commit: e3cf3a870242cd915c832124a349c80d0da8fca4

Found in base branch: main

Vulnerability Details

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

Publish Date: 2022-08-05

URL: CVE-2022-37434

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

CVE-2018-25032

Vulnerable Libraries - libgit2-sys-0.13.4+1.4.2.crate, libz-sys-1.1.8.crate

libgit2-sys-0.13.4+1.4.2.crate

Native bindings to the libgit2 library

Library home page: https://crates.io/api/v1/crates/libgit2-sys/0.13.4+1.4.2/download

Dependency Hierarchy:

  • vergen-7.4.2.crate (Root Library)
    • git2-0.14.4.crate
      • libgit2-sys-0.13.4+1.4.2.crate (Vulnerable Library)

libz-sys-1.1.8.crate

Low-level bindings to the system libz library (also known as zlib).

Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download

Dependency Hierarchy:

  • vergen-7.4.2.crate (Root Library)
    • git2-0.14.4.crate
      • libgit2-sys-0.13.4+1.4.2.crate
        • libz-sys-1.1.8.crate (Vulnerable Library)

Found in HEAD commit: e3cf3a870242cd915c832124a349c80d0da8fca4

Found in base branch: main

Vulnerability Details

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Publish Date: 2022-03-25

URL: CVE-2018-25032

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-25032

Release Date: 2022-03-25

Fix Resolution: libstd-rs - 1.57.0;bioconductor-netreg - 1.13.1;tcl - 8.6.11;sudo - 1.8.32;bjam-native - 1.74.0;ccache - 4.1,3.3.4;libgit2 - 1.3.0;cmake - 3.19.5,3.7.2,3.7.0,3.22.0,3.17.3;slamdunk - 0.4.0;rsync - 3.2.1;cmake-native - 3.15.5,3.18.4,3.17.3,3.22.0,3.7.0;mentalist - 0.2.3;ghostscript - 9.55.0

WS-2020-0368

Vulnerable Libraries - libz-sys-1.1.8.crate, libgit2-sys-0.13.4+1.4.2.crate

libz-sys-1.1.8.crate

Low-level bindings to the system libz library (also known as zlib).

Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download

Dependency Hierarchy:

  • vergen-7.4.2.crate (Root Library)
    • git2-0.14.4.crate
      • libgit2-sys-0.13.4+1.4.2.crate
        • libz-sys-1.1.8.crate (Vulnerable Library)

libgit2-sys-0.13.4+1.4.2.crate

Native bindings to the libgit2 library

Library home page: https://crates.io/api/v1/crates/libgit2-sys/0.13.4+1.4.2/download

Dependency Hierarchy:

  • vergen-7.4.2.crate (Root Library)
    • git2-0.14.4.crate
      • libgit2-sys-0.13.4+1.4.2.crate (Vulnerable Library)

Found in HEAD commit: e3cf3a870242cd915c832124a349c80d0da8fca4

Found in base branch: main

Vulnerability Details

Zlib in versions v0.8 to v1.2.11 is vulnerable to use-of-uninitialized-value in inflate.
There are a couple of places in inflate() where UPDATE is called with state->check as its first parameter, without a guarantee that this value has been initialized (state comes from a ZALLOC in inflateInit). This causes use of uninitialized check value.

Publish Date: 2020-02-22

URL: WS-2020-0368

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/WS-2020-0368

Release Date: 2020-02-22

Fix Resolution: cmake-native - 3.15.5;binutils-cross-testsuite - 2.35;libstd-rs - 1.57.0;gdb - 11.1,9.2;tcl - 8.6.11;sudo - 1.8.32;binutils - 2.35,2.28;ccache - 3.3.3,4.1;libgit2 - 1.3.0;cmake - 3.19.5,3.7.0,3.7.2,3.22.0,3.17.3;cmake-native - 3.17.3,3.7.0,3.22.0,3.18.4;ghostscript - 9.55.0

Issue#4 Resolved but the dumped memory couldn't be analyzed using crash

#5 : Resolved the issue 'main' panicked at 'assertion failed

However, I am not able to analyze the dump using crash. The vmlinux file was generated according to the running kernel. Two versions of the crash utility were used for testing and none of them were able to read the dump (even when providing the System Map), though live analysis using crash and the vmlinux works. Error: crash: read error: kernel virtual address type: "page_offset_base", which means the dump was not generated correctly. Tried with multiple dumps and got the same error.

I suspect the generated dump has an integrity issue. Any help would be great.

Command:
crash -S -d 300 /usr/lib/debug/lib/modules/$(uname -r)/vmlinux dumpit-linux/target/release/kcore.dumpit.4.18.0-425.10.1.el8_7.x86_64.2023-01-30-0112.core

Running it on GNU/Linux EndeavourOS with 6.4+ kernel doesn't work

logs

[2023-07-25T02:50:48Z INFO  dumpitforlinux] Reconstructed ELF header length is 0x4000.
[2023-07-25T02:50:48Z INFO  dumpitforlinux] Creating .tar.zst archive...
[2023-07-25T02:50:48Z INFO  dumpitforlinux] Writing /proc/kallsyms file...
[2023-07-25T02:50:48Z INFO  dumpitforlinux] Writing kcore.ram-dump.6.4.2-zen1-1-zen.2023-07-25-0250.core file...
[2023-07-25T02:50:48Z INFO  dumpitforlinux] Writing 0x1000-0x87000 physical block...
[2023-07-25T02:50:48Z INFO  dumpitforlinux] Writing 0x88000-0xa0000 physical block...
[2023-07-25T02:50:48Z INFO  dumpitforlinux] Writing 0x100000-0x9b00000 physical block...
[2023-07-25T02:50:49Z INFO  dumpitforlinux] Writing 0x9e00000-0x9f00000 physical block...
[2023-07-25T02:50:49Z INFO  dumpitforlinux] Writing 0x9f0b000-0x8cf99000 physical block...
[2023-07-25T02:51:01Z INFO  dumpitforlinux] Writing 0x8e199000-0x9ac71000 physical block...
[2023-07-25T02:51:03Z INFO  dumpitforlinux] Writing 0x9acc9000-0xab3af000 physical block...
[2023-07-25T02:51:04Z INFO  dumpitforlinux] Writing 0xaf7ff000-0xaf800000 physical block...
[2023-07-25T02:51:04Z INFO  dumpitforlinux] Writing 0x100000000-0x1cf000000 physical block...
[progress bar] 3348103168/3472883712
[2023-07-25T02:51:23Z ERROR dumpitforlinux::error] Bad address (os error 14)
Error: IoError("Bad address (os error 14)")

Doesn't work on generic Linux kernel nor Zen kernel.

Cross Compile

Do you know how to, or could you add a guide on how to, cross compile it with statically linked libs?

It would be luxurious if you also had a pre-compiled version to download :)

aarch64-unknown-linux-gnu
i686-pc-windows-gnu
i686-pc-windows-msvc
i686-unknown-linux-gnu
x86_64-apple-darwin
x86_64-pc-windows-gnu
x86_64-pc-windows-msvc
x86_64-unknown-linux-gnu

The util is really useful for memory forensics - thanks for the free code and hard work!
