Sagaie - Script de vérification rapide CVE-2026-31431 (Copy Fail)
#!/bin/bash
# Quick check for CVE-2026-31431 ("Copy Fail")
# Author: Oliver - Sagaie IT
# Usage: ./cve-2026-31431-check.sh [host1 host2 ...]
#   no argument -> inspect the local machine
#   host list   -> probe each host over SSH
set -e

# ANSI escape sequences, kept as literal "\033..." strings so that `echo -e`
# (or printf '%b') expands them at print time.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'
BOLD='\033[1m'
NC='\033[0m' # reset

# Banner: colour on, static text, colour off.
printf '%b\n' "${BLUE}${BOLD}"
cat <<'BANNER'
==================================================================
 CVE-2026-31431 (Copy Fail) Checker
 Sagaie IT - 2026
==================================================================
BANNER
printf '%b\n' "${NC}"
# Fonction de vérification locale
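# Decide whether a kernel release string falls in the version window this
# script treats as affected by CVE-2026-31431.
# Arguments: $1 - release string as printed by `uname -r` (e.g. 6.8.0-45-generic)
# Returns:   0 when the leading "X.Y" is 4.14+, any 5.x or 6.x, or a 7.0 -rc;
#            1 otherwise, including when no leading "X.Y" can be parsed.
# NOTE(review): this is a range test, not a patch-level test. Distributions
# backport fixes without changing X.Y, so "in range" means "compare the exact
# build against the vendor advisory", not "definitely unpatched".
kernel_in_affected_range() {
  local release=$1 major minor
  [[ "$release" =~ ^([0-9]+)\.([0-9]+) ]] || return 1
  # 10# forces decimal so a leading zero is never read as octal.
  major=$((10#${BASH_REMATCH[1]}))
  minor=$((10#${BASH_REMATCH[2]}))
  if (( major == 4 && minor >= 14 )); then
    return 0
  fi
  if (( major == 5 || major == 6 )); then
    return 0
  fi
  if (( major == 7 && minor == 0 )) && [[ "$release" == *rc* ]]; then
    return 0
  fi
  return 1
}

# Inspect the local machine and print a verdict for CVE-2026-31431.
# Globals: reads the colour variables (RED, GREEN, YELLOW, BLUE, CYAN, BOLD, NC).
# Outputs: human-readable report on stdout. Always returns 0; the verdict is
#          only in the text (main does not consume a status for the local run).
# The verdict combines: kernel release in the affected range, how
# CONFIG_CRYPTO_USER_API_AEAD is built (builtin / module / absent / unknown),
# whether algif_aead is resident, and whether an active modprobe
# "install algif_aead /bin/false" rule blocks loading it.
check_local() {
  local kernel_version distro config_file config_line
  local algif_config algif_loaded algif_disabled in_range system_vulnerable

  echo -e "${CYAN}[INFO] Vérification système local...${NC}"
  echo "=================================================="
  echo -e "${BLUE}[INFO] Système: $(uname -s) $(uname -r)${NC}"
  echo -e "${BLUE}[INFO] Hostname: $(hostname)${NC}"
  kernel_version=$(uname -r)
  echo -e "${BLUE}[INFO] Kernel: $kernel_version${NC}"
  if [ -r /etc/os-release ]; then
    # Pipeline status is cut's, so a missing PRETTY_NAME does not trip set -e.
    distro=$(grep PRETTY_NAME /etc/os-release | cut -d'"' -f2)
    echo -e "${BLUE}[INFO] Distribution: $distro${NC}"
  fi

  # --- kernel release range ---
  echo ""
  echo -e "${CYAN}[CHECK] Analyse vulnérabilité kernel...${NC}"
  in_range=false
  if kernel_in_affected_range "$kernel_version"; then
    in_range=true
    echo -e " ${RED}[WARNING] Version kernel VULNÉRABLE${NC}"
  else
    echo -e " ${GREEN}[OK] Version kernel NON vulnérable${NC}"
  fi

  # --- how algif_aead is built ---
  echo ""
  echo -e "${CYAN}[CHECK] Vérification module algif_aead...${NC}"
  config_file="/boot/config-$kernel_version"
  config_line=""
  algif_config="unknown"
  if [ -r "$config_file" ]; then
    # `|| true`: grep exits 1 on no match and that would abort under set -e.
    config_line=$(grep -E '^(# )?CONFIG_CRYPTO_USER_API_AEAD(=| )' "$config_file" || true)
  elif [ -r /proc/config.gz ] && command -v zcat >/dev/null 2>&1; then
    # Kernels built with CONFIG_IKCONFIG_PROC expose their config here even
    # when /boot is not readable or not mounted.
    config_file=/proc/config.gz
    config_line=$(zcat /proc/config.gz 2>/dev/null | grep -E '^(# )?CONFIG_CRYPTO_USER_API_AEAD(=| )' || true)
  fi
  case "$config_line" in
    *=y)
      algif_config="builtin"
      echo -e " ${YELLOW}[INFO] Module: intégré au kernel${NC}"
      ;;
    *=m)
      algif_config="module"
      echo -e " ${BLUE}[INFO] Module: module chargeable${NC}"
      ;;
    *)
      if [ -r "$config_file" ]; then
        algif_config="absent"
        echo -e " ${GREEN}[OK] Module: non configuré${NC}"
      else
        echo -e " ${YELLOW}[WARNING] Config kernel introuvable: $config_file${NC}"
      fi
      ;;
  esac

  # --- currently resident? ---
  algif_loaded=false
  # Anchor on the module-name column so af_alg's "Used by" list cannot match.
  if lsmod 2>/dev/null | grep -q '^algif_aead[[:space:]]'; then
    algif_loaded=true
    echo -e " ${RED}[WARNING] Statut: module chargé${NC}"
  else
    echo -e " ${GREEN}[OK] Statut: module non chargé${NC}"
  fi

  # --- modprobe mitigation ---
  algif_disabled=false
  # Only an active "install algif_aead /bin/false|true" rule counts: it must
  # start the line (a commented-out copy matched the original pattern), and
  # modprobe reads several directories, not just /etc/modprobe.d.
  if grep -rEqs \
       '^[[:space:]]*install[[:space:]]+algif_aead[[:space:]]+(/usr)?/bin/(false|true)([[:space:]]|$)' \
       /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d 2>/dev/null; then
    algif_disabled=true
    echo -e " ${GREEN}[OK] Mitigation: module désactivé${NC}"
  else
    echo -e " ${YELLOW}[WARNING] Mitigation: aucune détectée${NC}"
  fi

  # --- AF_ALG / authencesn ---
  echo ""
  echo -e "${CYAN}[CHECK] Test socket AF_ALG...${NC}"
  # /proc/crypto is a regular file; the original tested it with -d, so this
  # check never ran.
  if [ -r /proc/crypto ]; then
    if grep -q "authencesn" /proc/crypto 2>/dev/null; then
      echo -e " ${YELLOW}[WARNING] Algorithme authencesn disponible${NC}"
    else
      echo -e " ${GREEN}[OK] Algorithme authencesn non trouvé${NC}"
    fi
  else
    echo -e " ${YELLOW}[WARNING] /proc/crypto illisible, test ignoré${NC}"
  fi

  # --- verdict ---
  echo ""
  echo "=================================================="
  system_vulnerable=false
  if [ "$in_range" = true ]; then
    case "$algif_config" in
      builtin)
        # A modprobe rule cannot block code linked into the kernel; only the
        # patch closes this case (the original wrongly reported "désactivé").
        system_vulnerable=true
        ;;
      module)
        # "Not currently loaded" is not protection: binding an AF_ALG socket
        # of type "aead" requests the algif-aead module on demand. Protected
        # only when an active install rule exists AND the module is not
        # already resident (the rule does not unload it; see rmmod below).
        if [ "$algif_loaded" = true ] || [ "$algif_disabled" = false ]; then
          system_vulnerable=true
        fi
        ;;
      *)
        # absent/unknown config: a resident module is proof enough by itself.
        [ "$algif_loaded" = false ] || system_vulnerable=true
        ;;
    esac
  fi

  if [ "$system_vulnerable" = true ]; then
    echo -e "${RED}${BOLD}[CRITIQUE] SYSTÈME VULNÉRABLE À CVE-2026-31431${NC}"
    echo ""
    echo -e "${YELLOW}[ACTION] ACTIONS REQUISES IMMÉDIATEMENT:${NC}"
    echo " 1. Appliquer patch kernel disponible"
    echo " 2. Redémarrer le système"
    echo " 3. Si patch indisponible, mitigation temporaire:"
    echo ""
    echo -e "${CYAN} # Vérification type module${NC}"
    echo " grep CONFIG_CRYPTO_USER_API_AEAD /boot/config-\$(uname -r)"
    echo ""
    echo -e "${CYAN} # Si module (=m), désactiver:${NC}"
    echo " echo 'install algif_aead /bin/false' > /etc/modprobe.d/disable-algif.conf"
    echo " rmmod algif_aead 2>/dev/null || true"
    echo ""
    echo -e "${YELLOW} # Si builtin (=y), seul le patch kernel corrige${NC}"
  elif [ "$in_range" = false ]; then
    echo -e "${GREEN}${BOLD}[OK] SYSTÈME PROBABLEMENT PROTÉGÉ${NC}"
    echo -e "${GREEN} Raison: Version kernel non vulnérable${NC}"
  elif [ "$algif_config" = "absent" ]; then
    echo -e "${GREEN}${BOLD}[OK] SYSTÈME PROBABLEMENT PROTÉGÉ${NC}"
    echo -e "${GREEN} Raison: Module algif_aead non compilé${NC}"
  elif [ "$algif_disabled" = true ]; then
    echo -e "${GREEN}${BOLD}[OK] SYSTÈME PROBABLEMENT PROTÉGÉ${NC}"
    echo -e "${GREEN} Raison: Module algif_aead désactivé${NC}"
  else
    # Range hit, module not resident, but the config could not be read and no
    # install rule exists: it may still be loadable on demand, so do not
    # claim protection (the original printed "[OK]" here).
    echo -e "${YELLOW}${BOLD}[INCERTAIN] ÉTAT INDÉTERMINÉ${NC}"
    echo -e "${YELLOW} Raison: config kernel introuvable, impossible de savoir si algif_aead est chargeable${NC}"
    echo -e "${YELLOW} Vérifier manuellement: grep CONFIG_CRYPTO_USER_API_AEAD /boot/config-\$(uname -r)${NC}"
  fi
  echo ""
}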
# Fonction de vérification distante
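# Probe one host over SSH and print a verdict for CVE-2026-31431.
# Arguments: $1 - SSH destination (host or user@host; ~/.ssh/config applies)
# Globals:   reads the colour variables.
# Returns:   0 protected, 1 unreachable or undeterminable, 2 vulnerable.
# A single non-interactive SSH session collects every fact. The original
# opened five sessions and only the first carried BatchMode/ConnectTimeout,
# so any later one could hang on a password or host-key prompt. `--` stops a
# destination taken from argv (e.g. "-oProxyCommand=...") from being parsed
# as an ssh option.
check_remote() {
  local host=$1
  local -a ssh_opts=(-n -o ConnectTimeout=5 -o BatchMode=yes)
  local remote_script probe line
  local remote_kernel="" remote_distro="" remote_config="" remote_loaded=0 remote_disabled=""
  local in_range=false verdict

  echo -e "${BLUE}[REMOTE] Vérification de $host...${NC}"
  if ! command -v ssh >/dev/null 2>&1; then
    echo -e " ${RED}[ERREUR] SSH client non disponible${NC}"
    return 1
  fi

  # Runs under the remote login shell. Every fact is one KEY=value line so the
  # parser below depends neither on line order nor on tools that may be
  # missing on the target (lsmod, /boot/config-*). LOADED is a count from
  # lsmod's module-name column; DISABLED is the first modprobe.d file holding
  # an active "install algif_aead ... false|true" rule, or empty.
  remote_script='
printf "KERNEL=%s\n" "$(uname -r)"
printf "DISTRO=%s\n" "$(grep PRETTY_NAME /etc/os-release 2>/dev/null | cut -d\" -f2)"
printf "CONFIG=%s\n" "$(grep CONFIG_CRYPTO_USER_API_AEAD /boot/config-$(uname -r) 2>/dev/null | head -n1)"
printf "LOADED=%s\n" "$(lsmod 2>/dev/null | grep -c "^algif_aead ")"
printf "DISABLED=%s\n" "$(grep -rlE "^[[:space:]]*install[[:space:]]+algif_aead[[:space:]]+.*(false|true)" /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d 2>/dev/null | head -n1)"
'

  if ! probe=$(ssh "${ssh_opts[@]}" -- "$host" "$remote_script" 2>/dev/null) \
     || [[ "$probe" != KERNEL=* ]]; then
    echo -e " ${RED}[ERREUR] Impossible de se connecter via SSH${NC}"
    return 1
  fi

  while IFS= read -r line; do
    case "$line" in
      KERNEL=*)   remote_kernel=${line#KERNEL=} ;;
      DISTRO=*)   remote_distro=${line#DISTRO=} ;;
      CONFIG=*)   remote_config=${line#CONFIG=} ;;
      LOADED=*)   remote_loaded=${line#LOADED=} ;;
      DISABLED=*) remote_disabled=${line#DISABLED=} ;;
    esac
  done <<<"$probe"
  [ -n "$remote_distro" ] || remote_distro="Unknown"
  echo -e " ${CYAN}[INFO] Kernel: $remote_kernel${NC}"
  echo -e " ${CYAN}[INFO] Distribution: $remote_distro${NC}"

  # Same window as the local check: 4.14+, any 5.x/6.x, or a 7.0 -rc. (The
  # original remote test flagged every 7.0 and so disagreed with check_local.)
  # This is a range test only; distro backports are invisible to it.
  if [[ "$remote_kernel" =~ ^([0-9]+)\.([0-9]+) ]]; then
    local major=$((10#${BASH_REMATCH[1]})) minor=$((10#${BASH_REMATCH[2]}))
    if (( major == 4 && minor >= 14 )) || (( major == 5 || major == 6 )) \
       || { (( major == 7 && minor == 0 )) && [[ "$remote_kernel" == *rc* ]]; }; then
      in_range=true
    fi
  fi

  verdict=protected
  if [ "$in_range" = true ]; then
    case "$remote_config" in
      *=y)
        # Built in: a modprobe rule cannot block it, only the patch does.
        verdict=vulnerable ;;
      *=m)
        # Loadable on demand by an AF_ALG "aead" bind; protected only when an
        # active install rule exists and the module is not already resident.
        if [ "${remote_loaded:-0}" != 0 ] || [ -z "$remote_disabled" ]; then
          verdict=vulnerable
        fi ;;
      "")
        # Config unreadable on the target: a resident module is proof enough,
        # otherwise we cannot tell whether it is loadable (the original
        # reported "PROTÉGÉ" here).
        if [ "${remote_loaded:-0}" != 0 ]; then
          verdict=vulnerable
        elif [ -z "$remote_disabled" ]; then
          verdict=unknown
        fi ;;
      *)
        # "# CONFIG_... is not set": absent unless lsmod says otherwise.
        [ "${remote_loaded:-0}" = 0 ] || verdict=vulnerable ;;
    esac
  fi

  case "$verdict" in
    vulnerable)
      echo -e " ${RED}${BOLD}[CRITIQUE] VULNÉRABLE${NC}"
      return 2 ;;
    unknown)
      echo -e " ${YELLOW}${BOLD}[INCERTAIN] config kernel introuvable, vérifier manuellement${NC}"
      return 1 ;;
    *)
      echo -e " ${GREEN}${BOLD}[OK] PROTÉGÉ${NC}"
      return 0 ;;
  esac
}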
# Main
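# Entry point: no argument inspects this machine, otherwise each argument is
# an SSH destination handed to check_remote.
# Under `set -e` (set at the top of the file) the original loop could never
# reach the summary: `check_remote "$host"` as a bare command aborts the
# script on its deliberate 1/2 return codes, and `((ERROR_COUNT++))` returns
# 1 when the counter was 0. The status is therefore captured with `|| rc=$?`
# and counters are bumped with $(( )).
# Exit status: 2 when at least one remote host is vulnerable, 1 when none is
# vulnerable but some could not be checked, 0 otherwise (local run: always 0).
if [ $# -eq 0 ]; then
  check_local
else
  TOTAL_HOSTS=$#
  VULNERABLE_COUNT=0
  ERROR_COUNT=0
  for host in "$@"; do
    rc=0
    check_remote "$host" || rc=$?
    case "$rc" in
      1) ERROR_COUNT=$((ERROR_COUNT + 1)) ;;           # unreachable / undeterminable
      2) VULNERABLE_COUNT=$((VULNERABLE_COUNT + 1)) ;; # vulnerable
    esac
    echo ""
  done
  PROTECTED_COUNT=$((TOTAL_HOSTS - VULNERABLE_COUNT - ERROR_COUNT))
  echo "=================================================="
  echo -e "${BLUE}${BOLD}[RESUME] RÉSUMÉ:${NC}"
  echo -e " Total hosts: ${BOLD}$TOTAL_HOSTS${NC}"
  echo -e " Vulnérables: ${RED}${BOLD}$VULNERABLE_COUNT${NC}"
  echo -e " Erreurs: ${YELLOW}${BOLD}$ERROR_COUNT${NC}"
  echo -e " Protégés: ${GREEN}${BOLD}$PROTECTED_COUNT${NC}"
fi
echo ""
echo -e "${BLUE}[INFO] Plus d'infos: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31431${NC}"
# Non-zero exit so cron/CI wrappers can act on the remote summary.
if [ "${VULNERABLE_COUNT:-0}" -gt 0 ]; then
  exit 2
elif [ "${ERROR_COUNT:-0}" -gt 0 ]; then
  exit 1
fi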