CVE-2020-10759 PoC — fwupd 数据伪造问题漏洞

Source

https://github.com/justinsteven/CVE-2020-10759-poc

Associated Vulnerability

Title:fwupd 数据伪造问题漏洞 (CVE-2020-10759)
Description:fwupd是一款支持Linux平台上的会话软件固件更新的插件。 fwupd中存在数据伪造问题漏洞。该漏洞源于网络系统或产品未充分验证数据的来源或真实性。攻击者可利用伪造的数据进行攻击。

Description

Proof of Concept for CVE-2020-10759 (fwupd signature validation bypass)

Readme

# Summary

Exploits CVE-2020-10759 - `fwupd` PGP signature verification bypass. See
<https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md>
for more details.

# Requirements

Note: You need to install `python3-gpg` from your OS vendor. This module
doesn't like being installed via `pip` because it needs to match your system's
installation of `libgpgme`.

```
apt install python3-flask python3-gpg python3-lxml
```

File Snapshot


 [4.0K]  /data/pocs/fa1a764c04225fc2cfea9031a18859fda789b8cd
├── [ 498]  README.md
└── [ 13K]  serve.py

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!