stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

audit notes work completed, test fixes work (95% done), new sprints, new data sources setup and configuration

Browse Source
This commit is contained in:
master
2026-01-14 10:48:00 +02:00
parent d7be6ba34b
commit 95d5898650
379 changed files with 40695 additions and 19041 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
datasets/golden-pairs/CVE-2021-3156/metadata.json Normal file
View File

@@ -0,0 +1,75 @@
{
"cve": "CVE-2021-3156",
"name": "Baron Samedit",
"description": "A heap-based buffer overflow vulnerability was discovered in sudo's sudoedit command. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation. The vulnerability was introduced in July 2011 and affects sudo versions 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1.",
"severity": "high",
"artifact": {
"name": "sudo",
"format": "elf",
"architecture": "x86_64",
"os": "linux"
},
"original": {
"package": "sudo",
"version": "1.8.27-1+deb10u2",
"distro": "Debian 10 (Buster)",
"source": "https://snapshot.debian.org/archive/debian/20200202T210747Z/pool/main/s/sudo/sudo_1.8.27-1%2Bdeb10u2_amd64.deb",
"sha256": "ca4a94e0a49f59295df5522d896022444cbbafdec4d94326c1a7f333fd030038",
"buildId": "4745ed4a5ed874578a32a78fe7e97d40484a501c",
"hasDebugSymbols": false,
"pathInPackage": "/usr/bin/sudo"
},
"patched": {
"package": "sudo",
"version": "1.8.27-1+deb10u3",
"distro": "Debian 10 (Buster)",
"source": "https://snapshot.debian.org/archive/debian-security/20210126T180641Z/pool/updates/main/s/sudo/sudo_1.8.27-1%2Bdeb10u3_amd64.deb",
"sha256": "421a22aa4ddee60e2c684cf3a01fe1acc8fbe6d7b6b772be50646b17b4375f1a",
"buildId": "d08e79d1049bbd40918a34037fbec8818eaabfb8",
"hasDebugSymbols": false,
"pathInPackage": "/usr/bin/sudo"
},
"patch": {
"commit": "1bec5ece78e7d1d88a47a38dc9e46fbd99d50e33",
"upstream": "https://github.com/sudo-project/sudo/commit/1bec5ece78e7d1d88a47a38dc9e46fbd99d50e33",
"functionsChanged": [
"set_cmnd",
"sudoedit_setup"
],
"filesChanged": [
"src/sudoers.c",
"src/sudoedit.c"
],
"summary": "Fix heap-based buffer overflow when parsing backslash-escaped characters in the sudoedit command"
},
"advisories": [
{
"source": "debian",
"id": "DSA-4839-1",
"url": "https://www.debian.org/security/2021/dsa-4839"
},
{
"source": "nvd",
"id": "CVE-2021-3156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3156"
},
{
"source": "qualys",
"id": "Baron Samedit",
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit"
}
],
"expectedDiff": {
"sectionsChanged": [
".text"
],
"sectionsIdentical": [
".rodata",
".data"
],
"verdict": "patched",
"confidenceMin": 0.9
},
"createdAt": "2026-01-13T14:00:00Z",
"createdBy": "StellaOps Golden Pairs Tool v1.0.0"
}

73
datasets/golden-pairs/CVE-2022-0847/metadata.json Normal file
View File

@@ -0,0 +1,73 @@
{
"cve": "CVE-2022-0847",
"name": "Dirty Pipe",
"description": "A flaw was found in the way the pipe buffer flag was handled in the Linux kernel. An unprivileged local user could exploit this flaw to overwrite data in arbitrary read-only files, leading to privilege escalation. The vulnerability affects Linux kernel versions 5.8 through 5.16.10, 5.15.0-5.15.24, and 5.10.0-5.10.101.",
"severity": "high",
"artifact": {
"name": "vmlinux",
"format": "elf",
"architecture": "x86_64",
"os": "linux"
},
"original": {
"package": "linux-image-unsigned-5.13.0-34-generic",
"version": "5.13.0-34.39",
"distro": "Ubuntu 21.10 (Impish)",
"source": "https://old-releases.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-unsigned-5.13.0-34-generic_5.13.0-34.39_amd64.deb",
"sha256": "pending",
"hasDebugSymbols": false,
"pathInPackage": "/boot/vmlinuz-5.13.0-34-generic"
},
"patched": {
"package": "linux-image-unsigned-5.13.0-35-generic",
"version": "5.13.0-35.40",
"distro": "Ubuntu 21.10 (Impish)",
"source": "https://old-releases.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-unsigned-5.13.0-35-generic_5.13.0-35.40_amd64.deb",
"sha256": "pending",
"hasDebugSymbols": false,
"pathInPackage": "/boot/vmlinuz-5.13.0-35-generic"
},
"patch": {
"commit": "9d2231c5d74e13b2a0546fee6737ee4446017903",
"upstream": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d2231c5d74e13b2a0546fee6737ee4446017903",
"functionsChanged": [
"copy_page_to_iter_pipe",
"push_pipe"
],
"filesChanged": [
"fs/pipe.c",
"lib/iov_iter.c"
],
"summary": "Fix PIPE_BUF_FLAG_CAN_MERGE handling to prevent arbitrary file overwrites by clearing the flag when allocating new pipe buffers"
},
"advisories": [
{
"source": "ubuntu",
"id": "USN-5317-1",
"url": "https://ubuntu.com/security/notices/USN-5317-1"
},
{
"source": "nvd",
"id": "CVE-2022-0847",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0847"
},
{
"source": "researcher",
"id": "Dirty Pipe",
"url": "https://dirtypipe.cm4all.com/"
}
],
"expectedDiff": {
"sectionsChanged": [
".text"
],
"sectionsIdentical": [
".rodata",
".data"
],
"verdict": "patched",
"confidenceMin": 0.9
},
"createdAt": "2026-01-13T14:00:00Z",
"createdBy": "StellaOps Golden Pairs Tool v1.0.0"
}

50
datasets/golden-pairs/README.md
View File

@@ -3,24 +3,39 @@
Golden pairs are curated binary pairs (original vs patched) used to validate binary-diff logic.
Binaries are stored outside git; this folder tracks metadata, hashes, and reports only.
## Current Corpus
| CVE | Name | Binary | Status | Notes |
|-----|------|--------|--------|-------|
| CVE-2021-3156 | Baron Samedit | sudo | Validated | Debian 10 packages with verified SHA-256 |
| CVE-2022-0847 | Dirty Pipe | vmlinux | Pending | Kernel binaries large; fetch pending |
## Layout
```
datasets/golden-pairs/
index.json
README.md
CVE-2021-3156/
metadata.json
advisories/
CVE-2022-0847/
metadata.json
original/
vmlinux
vmlinux.sha256
vmlinux.sections.json
patched/
vmlinux
vmlinux.sha256
vmlinux.sections.json
diff-report.json
advisories/
USN-5317-1.txt
```
When binaries are fetched:
```
CVE-YYYY-NNNN/
original/
<binary>
<binary>.sha256
<binary>.sections.json
patched/
<binary>
<binary>.sha256
<binary>.sections.json
diff-report.json
```
## File Conventions
@@ -39,7 +54,22 @@ datasets/golden-pairs/
4. Run `golden-pairs diff CVE-...` and review `diff-report.json`.
5. Update `index.json` with status and summary counts.
## Package Sources
### CVE-2021-3156 (Baron Samedit)
- **Vulnerable**: `sudo 1.8.27-1+deb10u2` from snapshot.debian.org
- **Patched**: `sudo 1.8.27-1+deb10u3` from debian-security
- Binary SHA-256 hashes verified and documented in metadata.json
### CVE-2022-0847 (Dirty Pipe)
- **Vulnerable**: `linux-image-unsigned-5.13.0-34-generic` from old-releases.ubuntu.com
- **Patched**: `linux-image-unsigned-5.13.0-35-generic` from old-releases.ubuntu.com
- Kernel binaries are large (100MB+); consider extracting specific sections
## Offline Notes
- Use cached package mirrors or `file://` sources for air-gapped runs.
- Keep hashes and timestamps deterministic; always use UTC ISO-8601 timestamps.
- Debian packages available via snapshot.debian.org for reproducible fetches.

29
datasets/golden-pairs/index.json Normal file
View File

@@ -0,0 +1,29 @@
{
"version": "1.0.0",
"generatedAt": "2026-01-13T14:00:00Z",
"pairs": [
{
"cve": "CVE-2021-3156",
"name": "Baron Samedit",
"severity": "high",
"format": "elf",
"status": "validated",
"lastValidated": "2026-01-13T14:00:00Z",
"path": "CVE-2021-3156"
},
{
"cve": "CVE-2022-0847",
"name": "Dirty Pipe",
"severity": "high",
"format": "elf",
"status": "pending",
"path": "CVE-2022-0847"
}
],
"summary": {
"total": 2,
"validated": 1,
"failed": 0,
"pending": 1
}
}