magnetforensics / dumpit-linux
Memory acquisition for Linux that makes sense.
License: Apache License 2.0
Found in HEAD commit: ff1328545be7a0c82f80f4b3686f867ef0be5adc
CVE | Severity | CVSS | Dependency | Type | Fixed in (vergen version) | Remediation Available |
---|---|---|---|---|---|---|
CVE-2022-37434 | High | 9.8 | detected in multiple dependencies | Transitive | N/A* | ❌ |
CVE-2018-25032 | High | 7.5 | detected in multiple dependencies | Transitive | N/A* | ❌ |
WS-2020-0368 | Medium | 6.5 | detected in multiple dependencies | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of the direct dependency that carries a fix. Check the "Details" section below to see whether there is a version of the transitive dependency in which the vulnerability is fixed.
Low-level bindings to the system libz library (also known as zlib).
Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download
Dependency Hierarchy:
Native bindings to the libgit2 library
Library home page: https://crates.io/api/v1/crates/libgit2-sys/0.13.4+1.4.2/download
Dependency Hierarchy:
Found in HEAD commit: ff1328545be7a0c82f80f4b3686f867ef0be5adc
Found in base branch: main
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Publish Date: 2022-08-05
URL: CVE-2022-37434
Base Score Metrics:
Native bindings to the libgit2 library
Library home page: https://crates.io/api/v1/crates/libgit2-sys/0.13.4+1.4.2/download
Dependency Hierarchy:
Low-level bindings to the system libz library (also known as zlib).
Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download
Dependency Hierarchy:
Found in HEAD commit: ff1328545be7a0c82f80f4b3686f867ef0be5adc
Found in base branch: main
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Publish Date: 2022-03-25
URL: CVE-2018-25032
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-25032
Release Date: 2022-03-25
Fix Resolution: libstd-rs - 1.57.0;bioconductor-netreg - 1.13.1;tcl - 8.6.11;sudo - 1.8.32;bjam-native - 1.74.0;ccache - 4.1,3.3.4;libgit2 - 1.3.0;cmake - 3.19.5,3.7.2,3.7.0,3.22.0,3.17.3;slamdunk - 0.4.0;rsync - 3.2.1;cmake-native - 3.15.5,3.18.4,3.17.3,3.22.0,3.7.0;mentalist - 0.2.3;ghostscript - 9.55.0
Low-level bindings to the system libz library (also known as zlib).
Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download
Dependency Hierarchy:
Native bindings to the libgit2 library
Library home page: https://crates.io/api/v1/crates/libgit2-sys/0.13.4+1.4.2/download
Dependency Hierarchy:
Found in HEAD commit: ff1328545be7a0c82f80f4b3686f867ef0be5adc
Found in base branch: main
Zlib in versions v0.8 to v1.2.11 is vulnerable to use-of-uninitialized-value in inflate.
There are a couple of places in inflate() where UPDATE is called with state->check as its first parameter, without a guarantee that this value has been initialized (state comes from a ZALLOC in inflateInit). This causes use of uninitialized check value.
Publish Date: 2020-02-22
URL: WS-2020-0368
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/WS-2020-0368
Release Date: 2020-02-22
Fix Resolution: cmake-native - 3.15.5;binutils-cross-testsuite - 2.35;libstd-rs - 1.57.0;gdb - 11.1,9.2;tcl - 8.6.11;sudo - 1.8.32;binutils - 2.35,2.28;ccache - 3.3.3,4.1;libgit2 - 1.3.0;cmake - 3.19.5,3.7.0,3.7.2,3.22.0,3.17.3;cmake-native - 3.17.3,3.7.0,3.22.0,3.18.4;ghostscript - 9.55.0
Hey, Dear,
I'm just testing DumpIt for Linux and getting the following error. I researched it a lot, but I couldn't find a solution or workaround.
I tried to run the tool on Kali and Ubuntu 20.04, too. The same happened in both cases.
The error is shown in the image:
Do you have any idea how to solve this issue?
Thank you!
Found in HEAD commit: e3cf3a870242cd915c832124a349c80d0da8fca4
CVE | Severity | CVSS | Dependency | Type | Fixed in (vergen version) | Remediation Available |
---|---|---|---|---|---|---|
CVE-2022-37434 | High | 9.8 | detected in multiple dependencies | Transitive | N/A* | ❌ |
CVE-2018-25032 | High | 7.5 | detected in multiple dependencies | Transitive | N/A* | ❌ |
WS-2020-0368 | Medium | 6.5 | detected in multiple dependencies | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of the direct dependency that carries a fix. Check the "Details" section below to see whether there is a version of the transitive dependency in which the vulnerability is fixed.
Low-level bindings to the system libz library (also known as zlib).
Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download
Dependency Hierarchy:
Native bindings to the libgit2 library
Library home page: https://crates.io/api/v1/crates/libgit2-sys/0.13.4+1.4.2/download
Dependency Hierarchy:
Found in HEAD commit: e3cf3a870242cd915c832124a349c80d0da8fca4
Found in base branch: main
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
Publish Date: 2022-08-05
URL: CVE-2022-37434
Base Score Metrics:
Native bindings to the libgit2 library
Library home page: https://crates.io/api/v1/crates/libgit2-sys/0.13.4+1.4.2/download
Dependency Hierarchy:
Low-level bindings to the system libz library (also known as zlib).
Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download
Dependency Hierarchy:
Found in HEAD commit: e3cf3a870242cd915c832124a349c80d0da8fca4
Found in base branch: main
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Publish Date: 2022-03-25
URL: CVE-2018-25032
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-25032
Release Date: 2022-03-25
Fix Resolution: libstd-rs - 1.57.0;bioconductor-netreg - 1.13.1;tcl - 8.6.11;sudo - 1.8.32;bjam-native - 1.74.0;ccache - 4.1,3.3.4;libgit2 - 1.3.0;cmake - 3.19.5,3.7.2,3.7.0,3.22.0,3.17.3;slamdunk - 0.4.0;rsync - 3.2.1;cmake-native - 3.15.5,3.18.4,3.17.3,3.22.0,3.7.0;mentalist - 0.2.3;ghostscript - 9.55.0
Low-level bindings to the system libz library (also known as zlib).
Library home page: https://crates.io/api/v1/crates/libz-sys/1.1.8/download
Dependency Hierarchy:
Native bindings to the libgit2 library
Library home page: https://crates.io/api/v1/crates/libgit2-sys/0.13.4+1.4.2/download
Dependency Hierarchy:
Found in HEAD commit: e3cf3a870242cd915c832124a349c80d0da8fca4
Found in base branch: main
Zlib in versions v0.8 to v1.2.11 is vulnerable to use-of-uninitialized-value in inflate.
There are a couple of places in inflate() where UPDATE is called with state->check as its first parameter, without a guarantee that this value has been initialized (state comes from a ZALLOC in inflateInit). This causes use of uninitialized check value.
Publish Date: 2020-02-22
URL: WS-2020-0368
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/WS-2020-0368
Release Date: 2020-02-22
Fix Resolution: cmake-native - 3.15.5;binutils-cross-testsuite - 2.35;libstd-rs - 1.57.0;gdb - 11.1,9.2;tcl - 8.6.11;sudo - 1.8.32;binutils - 2.35,2.28;ccache - 3.3.3,4.1;libgit2 - 1.3.0;cmake - 3.19.5,3.7.0,3.7.2,3.22.0,3.17.3;cmake-native - 3.17.3,3.7.0,3.22.0,3.18.4;ghostscript - 9.55.0
#5: Resolved the issue 'main' panicked at 'assertion failed
However, I am not able to analyze the dump using crash. The vmlinux file was generated for the running kernel. Two versions of the crash utility were used for testing and neither of them was able to read the dump (even when providing the System Map), though live analysis using crash and the vmlinux works. Error: `crash: read error: kernel virtual address type: "page_offset_base"`, which means the dump was not generated correctly. Tried with multiple dumps, same error.
I suspect the generated dump has an integrity issue. Any help would be great.
Command:
```sh
crash -S -d 300 /usr/lib/debug/lib/modules/`uname -r`/vmlinux dumpit-linux/target/release/kcore.dumpit.4.18.0-425.10.1.el8_7.x86_64.2023-01-30-0112.core
```
Logs:
```text
[2023-07-25T02:50:48Z INFO dumpitforlinux] Reconstructed ELF header length is 0x4000.
[2023-07-25T02:50:48Z INFO dumpitforlinux] Creating .tar.zst archive...
[2023-07-25T02:50:48Z INFO dumpitforlinux] Writing /proc/kallsyms file...
[2023-07-25T02:50:48Z INFO dumpitforlinux] Writing kcore.ram-dump.6.4.2-zen1-1-zen.2023-07-25-0250.core file...
[2023-07-25T02:50:48Z INFO dumpitforlinux] Writing 0x1000-0x87000 physical block...
[2023-07-25T02:50:48Z INFO dumpitforlinux] Writing 0x88000-0xa0000 physical block...
[2023-07-25T02:50:48Z INFO dumpitforlinux] Writing 0x100000-0x9b00000 physical block...
[2023-07-25T02:50:49Z INFO dumpitforlinux] Writing 0x9e00000-0x9f00000 physical block...
[2023-07-25T02:50:49Z INFO dumpitforlinux] Writing 0x9f0b000-0x8cf99000 physical block...
[2023-07-25T02:51:01Z INFO dumpitforlinux] Writing 0x8e199000-0x9ac71000 physical block...
[2023-07-25T02:51:03Z INFO dumpitforlinux] Writing 0x9acc9000-0xab3af000 physical block...
[2023-07-25T02:51:04Z INFO dumpitforlinux] Writing 0xaf7ff000-0xaf800000 physical block...
[2023-07-25T02:51:04Z INFO dumpitforlinux] Writing 0x100000000-0x1cf000000 physical block...
███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████░░░░░░ 3348103168/3472883712
[2023-07-25T02:51:23Z ERROR dumpitforlinux::error] Bad address (os error 14)
Error: IoError("Bad address (os error 14)")
```
Doesn't work on the generic Linux kernel or the Zen kernel.
Do you know how to, or could you add a guide on how to, cross-compile it with statically linked libs?
It would be a luxury if you also had a pre-compiled version to download :)
aarch64-unknown-linux-gnu
i686-pc-windows-gnu
i686-pc-windows-msvc
i686-unknown-linux-gnu
x86_64-apple-darwin
x86_64-pc-windows-gnu
x86_64-pc-windows-msvc
x86_64-unknown-linux-gnu
The util is really useful for memory forensics - thanks for the free code and hard work!