Linux puskom-ProLiant-DL385-Gen10 5.4.0-150-generic #167~18.04.1-Ubuntu SMP Wed May 24 00:51:42 UTC 2023 x86_64

/var/www/html/bkd/berkas/

/var/www/html/bkd/berkas/tes.sh

#!/bin/bash echo "[*] Exim4 Local Privilege Escalation Vulnerability Scanner" echo # 1. Cari path exim4 EXIM_PATH=$(command -v exim4 2>/dev/null) if [ -z "$EXIM_PATH" ]; then echo "[!] Exim4 tidak ditemukan di PATH." exit 1 fi echo "[+] Exim4 path: $EXIM_PATH" # 2. Cek SUID root if [ -u "$EXIM_PATH" ]; then echo "[+] Exim4 memiliki SUID root." else echo "[+] Exim4 tidak memiliki SUID root (lebih aman)." exit 0 fi # 3. Ambil versi VERSION=$($EXIM_PATH --version | head -n 1 | awk '{print $3}') echo "[+] Exim4 version: $VERSION" # 4. Bandingkan versi VULN=false if [[ "$VERSION" =~ ^4\.84 ]]; then VULN=true echo "[!] Versi ini rentan terhadap beberapa LPE termasuk CVE-2016-1531." fi # 5. Tes dukungan perl_startup (safe check) echo "[+] Menguji opsi -ps (perl_startup) secara aman..." $EXIM_PATH -ps 'print "TEST_OK\n";' >/tmp/exim_test_output 2>/dev/null if grep -q "TEST_OK" /tmp/exim_test_output; then echo "[!] Exim menerima perl_startup => POTENSI LPE via CVE-2016-1531." VULN=true else echo "[+] perl_startup tidak aktif atau dibatasi." fi rm -f /tmp/exim_test_output # 6. Kesimpulan if [ "$VULN" = true ]; then echo echo "[!!!] SYSTEM STATUS: POSSIBLY VULNERABLE" echo " Binary SUID root dan versi tua dengan opsi perl_startup." else echo echo "[+] SYSTEM STATUS: SAFE (untuk CVE-2016-1531)" fi