Sagaie - Script de vérification rapide CVE-2026-31431 (Copy Fail)
#!/bin/bash
# Quick check script for CVE-2026-31431 (Copy Fail)
# Author: Oliver - Sagaie IT
# Usage: ./cve-2026-31431-check.sh [host1 host2 ...]
#   without arguments: check the local machine
#   with arguments:    check each listed host over SSH
#
# The verdict is a heuristic built from the kernel version string and the
# state of the algif_aead module; the script does not exercise the kernel.
set -e

# ANSI colour sequences. They are stored with a literal backslash and only
# become escape codes when printed through `echo -e`.
NC='\033[0m' # No Color
BOLD='\033[1m'
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'

# Banner
BANNER_RULE="=================================================================="
echo -e "${BLUE}${BOLD}"
printf '%s\n' \
  "$BANNER_RULE" \
  " CVE-2026-31431 (Copy Fail) Checker" \
  " Sagaie IT - 2026" \
  "$BANNER_RULE"
echo -e "${NC}"
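#######################################
# Local check: collects kernel and algif_aead state on this host and prints a
# verdict for CVE-2026-31431.
#
# The verdict is a heuristic, not proof:
#   - the kernel test only compares the version string against the range
#     hard-coded below. Distribution kernels that backport a fix usually keep
#     an in-range version string, so "VULNÉRABLE" means "in the affected
#     range"; confirm against the vendor advisory.
#   - the algif_aead test looks at the kernel config, lsmod and modprobe.d.
#
# Globals:   RED GREEN YELLOW BLUE CYAN BOLD NC (read)
# Arguments: none
# Outputs:   human-readable report on stdout
# Returns:   0
#######################################
check_local() {
  local kernel_version distro major minor config_file
  local vulnerable=false
  local algif_config="unknown" # builtin | module | absent | unknown
  local algif_loaded=false
  local algif_disabled=false
  local exposed=false
  local reason=""

  echo -e "${CYAN}[INFO] Vérification système local...${NC}"
  echo "=================================================="

  # System information
  kernel_version=$(uname -r)
  echo -e "${BLUE}[INFO] Système: $(uname -s) ${kernel_version}${NC}"
  echo -e "${BLUE}[INFO] Hostname: $(hostname)${NC}"
  echo -e "${BLUE}[INFO] Kernel: $kernel_version${NC}"

  # Distribution
  if [ -f /etc/os-release ]; then
    distro=$(grep PRETTY_NAME /etc/os-release | cut -d'"' -f2)
    echo -e "${BLUE}[INFO] Distribution: $distro${NC}"
  fi

  # Kernel version range check
  echo ""
  echo -e "${CYAN}[CHECK] Analyse vulnérabilité kernel...${NC}"

  # Parse "X.Y..." and insist on digits: numeric comparison operators evaluate
  # their operands as arithmetic expressions, so only validated numbers may
  # reach them. 10# forces base 10 in case of a leading zero.
  if [[ "$kernel_version" =~ ^([0-9]+)\.([0-9]+) ]]; then
    major=$((10#${BASH_REMATCH[1]}))
    minor=$((10#${BASH_REMATCH[2]}))
    if ((major == 4 && minor >= 14)); then
      vulnerable=true
    elif ((major >= 5 && major <= 6)); then
      vulnerable=true
    elif ((major == 7 && minor == 0)) && [[ "$kernel_version" == *"rc"* ]]; then
      vulnerable=true
    fi
  else
    # An unreadable version must not be reported as safe.
    vulnerable=true
    echo -e " ${YELLOW}[WARNING] Version kernel non reconnue, traitée comme vulnérable${NC}"
  fi

  if [[ "$vulnerable" == true ]]; then
    echo -e " ${RED}[WARNING] Version kernel VULNÉRABLE${NC}"
  else
    echo -e " ${GREEN}[OK] Version kernel NON vulnérable${NC}"
  fi

  # algif_aead module state
  echo ""
  echo -e "${CYAN}[CHECK] Vérification module algif_aead...${NC}"

  # Kernel build configuration
  config_file="/boot/config-$kernel_version"
  if [ -f "$config_file" ]; then
    if grep -q "CONFIG_CRYPTO_USER_API_AEAD=y" "$config_file"; then
      algif_config="builtin"
      echo -e " ${YELLOW}[INFO] Module: intégré au kernel${NC}"
    elif grep -q "CONFIG_CRYPTO_USER_API_AEAD=m" "$config_file"; then
      algif_config="module"
      echo -e " ${BLUE}[INFO] Module: module chargeable${NC}"
    else
      algif_config="absent"
      echo -e " ${GREEN}[OK] Module: non configuré${NC}"
    fi
  else
    echo -e " ${YELLOW}[WARNING] Config kernel introuvable: $config_file${NC}"
  fi

  # Is the module loaded right now? Anchor on the module-name column so a
  # mention in the "used by" column does not count.
  if lsmod | grep -q '^algif_aead[[:space:]]'; then
    algif_loaded=true
    echo -e " ${RED}[WARNING] Statut: module chargé${NC}"
  else
    echo -e " ${GREEN}[OK] Statut: module non chargé${NC}"
  fi

  # modprobe mitigation: only an active (uncommented) "install algif_aead
  # ...false" rule in a *.conf file counts; a commented-out line or a backup
  # file would otherwise be read as a mitigation.
  # NOTE(review): only /etc/modprobe.d is inspected, as in the original.
  if grep -Eqs '^[[:space:]]*install[[:space:]]+algif_aead[[:space:]]+.*false' \
    /etc/modprobe.d/*.conf; then
    algif_disabled=true
    echo -e " ${GREEN}[OK] Mitigation: module désactivé${NC}"
  else
    echo -e " ${YELLOW}[WARNING] Mitigation: aucune détectée${NC}"
  fi

  # AF_ALG check (simplified): informational only, not part of the verdict.
  echo ""
  echo -e "${CYAN}[CHECK] Test socket AF_ALG...${NC}"
  # /proc/crypto is a regular file, so test readability rather than -d.
  # It lists algorithms registered at this moment; a miss here does not show
  # that the algorithm cannot be instantiated later.
  if [ -r /proc/crypto ]; then
    if grep -q "authencesn" /proc/crypto 2>/dev/null; then
      echo -e " ${YELLOW}[WARNING] Algorithme authencesn disponible${NC}"
    else
      echo -e " ${GREEN}[OK] Algorithme authencesn non trouvé${NC}"
    fi
  fi

  # Final assessment
  echo ""
  echo "=================================================="
  if [[ "$vulnerable" == true ]]; then
    if [[ "$algif_config" == "builtin" ]]; then
      # A modprobe rule cannot disable built-in code (see the remediation
      # text below: only a kernel patch fixes the =y case).
      exposed=true
      reason="algif_aead intégré au kernel (règle modprobe sans effet)"
    elif [[ "$algif_loaded" == true ]]; then
      # The install rule blocks future loads; a module already in memory
      # stays usable until it is removed.
      exposed=true
      reason="module algif_aead actuellement chargé"
    elif [[ "$algif_config" != "absent" && "$algif_disabled" == false ]]; then
      # Not loaded is not a protection on its own: without an install rule
      # the module can still be loaded on demand. An unknown config is
      # treated the same way to avoid a false "protected" result.
      exposed=true
      reason="module algif_aead chargeable à la demande, aucune règle modprobe"
    fi
  fi

  if [[ "$exposed" == true ]]; then
    echo -e "${RED}${BOLD}[CRITIQUE] SYSTÈME VULNÉRABLE À CVE-2026-31431${NC}"
    echo -e "${RED} Raison: $reason${NC}"
    echo ""
    echo -e "${YELLOW}[ACTION] ACTIONS REQUISES IMMÉDIATEMENT:${NC}"
    echo " 1. Appliquer patch kernel disponible"
    echo " 2. Redémarrer le système"
    echo " 3. Si patch indisponible, mitigation temporaire:"
    echo ""
    echo -e "${CYAN} # Vérification type module${NC}"
    echo " grep CONFIG_CRYPTO_USER_API_AEAD /boot/config-\$(uname -r)"
    echo ""
    echo -e "${CYAN} # Si module (=m), désactiver:${NC}"
    echo " echo 'install algif_aead /bin/false' > /etc/modprobe.d/disable-algif.conf"
    echo " rmmod algif_aead 2>/dev/null || true"
    echo ""
    echo -e "${YELLOW} # Si builtin (=y), seul le patch kernel corrige${NC}"
  else
    echo -e "${GREEN}${BOLD}[OK] SYSTÈME PROBABLEMENT PROTÉGÉ${NC}"
    if [[ "$vulnerable" == false ]]; then
      echo -e "${GREEN} Raison: Version kernel non vulnérable${NC}"
    elif [[ "$algif_config" == "absent" ]]; then
      echo -e "${GREEN} Raison: algif_aead non configuré dans ce kernel${NC}"
    elif [[ "$algif_disabled" == true ]]; then
      echo -e "${GREEN} Raison: Module algif_aead désactivé${NC}"
    fi
  fi
  echo ""
}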
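#######################################
# Remote check: queries one host over SSH and prints a verdict for
# CVE-2026-31431 based on its kernel version string and algif_aead state.
#
# Everything a remote host returns is treated as untrusted: the target may be
# misconfigured or already compromised, and this script runs on the
# operator's machine.
#
# Globals:   RED GREEN BLUE CYAN BOLD NC (read)
# Arguments: $1 - SSH destination (host or user@host)
# Outputs:   human-readable report on stdout
# Returns:   0 protected, 1 error (bad host, no SSH, unreadable answer),
#            2 vulnerable
#######################################
check_remote() {
  local host=$1
  local -a ssh_cmd
  local remote_kernel remote_distro major minor
  local config_out loaded_out disabled_out
  local remote_vulnerable=false
  local builtin=false loaded=false absent=false disabled=false
  local exposed=false

  echo -e "${BLUE}[REMOTE] Vérification de $host...${NC}"

  # A destination starting with "-" would be parsed by ssh as an option.
  if [[ -z "$host" || "$host" == -* ]]; then
    echo -e " ${RED}[ERREUR] Nom d'hôte invalide${NC}"
    return 1
  fi

  if ! command -v ssh &>/dev/null; then
    echo -e " ${RED}[ERREUR] SSH client non disponible${NC}"
    return 1
  fi

  # Same options for every call: BatchMode keeps later calls from blocking on
  # a password prompt, ConnectTimeout bounds a host that stops answering.
  ssh_cmd=(ssh -o ConnectTimeout=5 -o BatchMode=yes "$host")

  # Connectivity test
  if ! "${ssh_cmd[@]}" "echo 'connected'" 2>/dev/null | grep -q connected; then
    echo -e " ${RED}[ERREUR] Impossible de se connecter via SSH${NC}"
    return 1
  fi

  # System information. "|| var=..." keeps a failed call from ending the whole
  # script under `set -e`.
  remote_kernel=$("${ssh_cmd[@]}" "uname -r" 2>/dev/null) || remote_kernel=""
  remote_distro=$("${ssh_cmd[@]}" "grep PRETTY_NAME /etc/os-release 2>/dev/null | cut -d'\"' -f2 || echo 'Unknown'" 2>/dev/null) || remote_distro="Unknown"

  # Drop non-printable bytes and print with %s so that remote text cannot
  # carry terminal control sequences into the operator's terminal.
  remote_kernel=${remote_kernel//[^[:print:]]/}
  remote_distro=${remote_distro//[^[:print:]]/}
  printf ' %b[INFO] Kernel: %s%b\n' "$CYAN" "$remote_kernel" "$NC"
  printf ' %b[INFO] Distribution: %s%b\n' "$CYAN" "$remote_distro" "$NC"

  # Version range check (simplified). Numeric comparison operators evaluate
  # their operands as arithmetic expressions, so the remote string is only
  # compared after it has been validated as digits.
  if [[ "$remote_kernel" =~ ^([0-9]+)\.([0-9]+) ]]; then
    major=$((10#${BASH_REMATCH[1]}))
    minor=$((10#${BASH_REMATCH[2]}))
  else
    echo -e " ${RED}[ERREUR] Version kernel illisible${NC}"
    return 1
  fi

  # NOTE(review): check_local flags 7.0 only for "rc" builds; here every 7.0
  # is flagged. Kept as in the original (the stricter reading); confirm which
  # range is intended.
  if ((major == 4 && minor >= 14)) || ((major >= 5 && major <= 6)) ||
    ((major == 7 && minor == 0)); then
    remote_vulnerable=true
  fi

  # Module state. The remote command strings are fixed text; nothing received
  # from the host is interpolated into them.
  config_out=$("${ssh_cmd[@]}" "grep CONFIG_CRYPTO_USER_API_AEAD /boot/config-\$(uname -r) 2>/dev/null || echo 'config not found'" 2>/dev/null) || config_out="config not found"
  loaded_out=$("${ssh_cmd[@]}" "lsmod | grep '^algif_aead[[:space:]]' 2>/dev/null || echo 'not loaded'" 2>/dev/null) || loaded_out="not loaded"
  # Only an active install rule in a *.conf file counts as a mitigation.
  disabled_out=$("${ssh_cmd[@]}" "grep -Ehs '^[[:space:]]*install[[:space:]]+algif_aead[[:space:]]+.*false' /etc/modprobe.d/*.conf || echo 'not disabled'" 2>/dev/null) || disabled_out="not disabled"

  if [[ "$config_out" == *"=y"* ]]; then
    builtin=true
  elif [[ "$config_out" == *"is not set"* ]]; then
    absent=true
  fi
  if [[ "$loaded_out" == *"algif_aead"* ]]; then
    loaded=true
  fi
  if [[ "$disabled_out" == *"algif_aead"* ]]; then
    disabled=true
  fi

  # Assessment:
  #   - built-in code is not affected by a modprobe rule;
  #   - a module already loaded stays usable despite the rule;
  #   - a module that is merely not loaded can be loaded on demand unless an
  #     install rule blocks it (an unknown config is treated the same way).
  if [[ "$remote_vulnerable" == true ]]; then
    if [[ "$builtin" == true || "$loaded" == true ]]; then
      exposed=true
    elif [[ "$absent" == false && "$disabled" == false ]]; then
      exposed=true
    fi
  fi

  if [[ "$exposed" == true ]]; then
    echo -e " ${RED}${BOLD}[CRITIQUE] VULNÉRABLE${NC}"
    return 2
  fi
  echo -e " ${GREEN}${BOLD}[OK] PROTÉGÉ${NC}"
  return 0
}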
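# Main: without arguments run the local check; otherwise treat every argument
# as an SSH destination, check each one and print a summary.
EXIT_STATUS=0
if [ $# -eq 0 ]; then
  # Local check
  check_local
else
  # Remote checks
  TOTAL_HOSTS=$#
  VULNERABLE_COUNT=0
  ERROR_COUNT=0
  for host in "$@"; do
    # check_remote returns 1 or 2 in normal operation. Called bare under
    # `set -e` that would end the script at the first failing or vulnerable
    # host, before the summary; capture the status instead.
    rc=0
    check_remote "$host" || rc=$?
    # Plain assignments are used for the counters: ((n++)) yields status 1
    # when n is 0, which would also trip `set -e`.
    case "$rc" in
      0) ;;                                               # Protected
      2) VULNERABLE_COUNT=$((VULNERABLE_COUNT + 1)) ;;    # Vulnerable
      *) ERROR_COUNT=$((ERROR_COUNT + 1)) ;;              # Error (any other status)
    esac
    echo ""
  done
  echo "=================================================="
  echo -e "${BLUE}${BOLD}[RESUME] RÉSUMÉ:${NC}"
  echo -e " Total hosts: ${BOLD}$TOTAL_HOSTS${NC}"
  echo -e " Vulnérables: ${RED}${BOLD}$VULNERABLE_COUNT${NC}"
  echo -e " Erreurs: ${YELLOW}${BOLD}$ERROR_COUNT${NC}"
  echo -e " Protégés: ${GREEN}${BOLD}$((TOTAL_HOSTS - VULNERABLE_COUNT - ERROR_COUNT))${NC}"

  # Keep a non-zero exit status for automation: 2 if any host is vulnerable,
  # else 1 if any host could not be checked.
  if [ "$VULNERABLE_COUNT" -gt 0 ]; then
    EXIT_STATUS=2
  elif [ "$ERROR_COUNT" -gt 0 ]; then
    EXIT_STATUS=1
  fi
fi
echo ""
echo -e "${BLUE}[INFO] Plus d'infos: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31431${NC}"
exit "$EXIT_STATUS"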