vulnerabilities.cgi: Add English and German translations for new flaws
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23
24 # Enable the following only while debugging; fatalsToBrowser sends fatal error text to the browser.
25 #use warnings;
26 #use CGI::Carp 'fatalsToBrowser';
27
28 require '/var/ipfire/general-functions.pl';
29 require "${General::swroot}/lang.pl";
30 require "${General::swroot}/header.pl";
31
# Display labels for the CPU flaws this page reports on.
#
# Each key is the name of an entry below /sys/devices/system/cpu/vulnerabilities/
# (check_status() appends the key to that path), so the set of sysfs files this
# page can open is fixed by this table. Each value is the translated flaw name
# followed by the CVE identifier(s) in parentheses.
my %VULNERABILITIES = (
    gather_data_sampling => $Lang::tr{'downfall gather data sampling'} . " (CVE-2022-40982)",
    itlb_multihit        => $Lang::tr{'itlb multihit'} . " (CVE-2018-12207)",
    l1tf                 => $Lang::tr{'foreshadow'} . " (CVE-2018-3620)",
    mds                  => $Lang::tr{'fallout zombieload ridl'} . " (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)",
    meltdown             => $Lang::tr{'meltdown'} . " (CVE-2017-5754)",
    mmio_stale_data      => $Lang::tr{'mmio stale data'} . " (CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166)",
    retbleed             => $Lang::tr{'retbleed'} . " (CVE-2022-29900, CVE-2022-29901)",
    spec_rstack_overflow => $Lang::tr{'spec rstack overflow'} . " (CVE-2023-20569)",
    spec_store_bypass    => $Lang::tr{'spectre variant 4'} . " (CVE-2018-3639)",
    spectre_v1           => $Lang::tr{'spectre variant 1'} . " (CVE-2017-5753)",
    spectre_v2           => $Lang::tr{'spectre variant 2'} . " (CVE-2017-5715)",
    srbds                => $Lang::tr{'srbds'} . " (CVE-2020-0543)",
    tsx_async_abort      => $Lang::tr{'taa zombieload2'} . " (CVE-2019-11135)",
);
47
# Messages collected while the request is handled; both start out empty and
# decide further down whether an error box or a notice box is drawn.
my ($errormessage, $notice) = ("", "");

# General system settings and the theme colours (the colours stripe the rows
# of the vulnerability table).
my (%mainsettings, %color);
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);

# ENABLE_SMT starts as "auto"; main/security is then read into the same hash.
my %settings = ("ENABLE_SMT" => "auto");
&General::readhash("${General::swroot}/main/security", \%settings);
60
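&Header::showhttpheaders();

# getcgihash() is handed %settings and ACTION is read from it right after, so
# fields of the request end up in the same hash as the stored settings.
&Header::getcgihash(\%settings);

# Handle the "save" button: validate ENABLE_SMT and store it.
if ($settings{'ACTION'} eq $Lang::tr{'save'}) {
    # \A and \z anchor the whole value; a plain "$" would also accept a
    # trailing newline after "auto" or "on".
    if ($settings{'ENABLE_SMT'} !~ /\A(?:auto|on)\z/) {
        $errormessage = $Lang::tr{'invalid input'};
    }

    unless ($errormessage) {
        # Persist only the key that was validated above. Writing %settings
        # itself would also store whatever else the request placed in it
        # (presumably any submitted field - confirm against getcgihash()).
        # The file is re-read first so that keys already stored in it survive.
        my %stored = ();
        &General::readhash("${General::swroot}/main/security", \%stored);
        $stored{'ENABLE_SMT'} = $settings{'ENABLE_SMT'};

        &General::writehash("${General::swroot}/main/security", \%stored);
        $notice = $Lang::tr{'please reboot to apply your changes'};
    }
}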
75
# Pre-select the radio button that matches the current ENABLE_SMT value. The
# value is only used as a hash key here and is never printed.
my %checked = (
    'ENABLE_SMT' => { 'auto' => '', 'on' => '' },
);
$checked{'ENABLE_SMT'}{$settings{'ENABLE_SMT'}} = "checked";

&Header::openpage($Lang::tr{'processor vulnerability mitigations'}, 1, '');
&Header::openbigbox("100%", "left", "", $errormessage);

# The error box and the notice box share one layout; each is drawn only when
# its text is non-empty.
for my $box (
    [ $Lang::tr{'error messages'}, $errormessage ],
    [ $Lang::tr{'notice'},         $notice ],
) {
    my ($title, $text) = @$box;
    next unless $text;

    &Header::openbox('100%', 'left', $title);
    print "<font color='red'>$text</font>";
    &Header::closebox();
}

# Box holding the vulnerability table.
&Header::openbox('100%', 'center', $Lang::tr{'processor vulnerability mitigations'});
98
# Table header: one column for the flaw, one for its status.
print <<END;
<table class="tbl" width='100%'>
<thead>
<tr>
<th align="center">
<strong>$Lang::tr{'vulnerability'}</strong>
</th>
<th align="center">
<strong>$Lang::tr{'status'}</strong>
</th>
</tr>
</thead>
<tbody>
END

# Status word reported by check_status() => [ label, text colour, cell colour ].
my %presentation_for = (
    "Not affected" => [ $Lang::tr{'not affected'}, "white", $Header::colourgreen ],
    "Vulnerable"   => [ $Lang::tr{'vulnerable'},   "white", $Header::colourred ],
    "Mitigation"   => [ $Lang::tr{'mitigated'},    "white", $Header::colourblue ],
);

my $id = 0;
for my $vuln (sort keys %VULNERABILITIES) {
    my ($status, $message) = &check_status($vuln);

    # No row for flaws without a status (check_status() returns undef when
    # the sysfs entry cannot be opened).
    next unless $status;

    # A report that matches none of the known status words is shown as-is on
    # a yellow cell.
    my $shown = $presentation_for{$status}
        || [ $status, "black", $Header::colouryellow ];
    my ($status_message, $colour, $bgcolour) = @$shown;

    # Alternate the row colour; only rows that are printed advance the counter.
    my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'};

    print <<END;
<tr bgcolor="$table_colour">
<td align="left">
<strong>$VULNERABILITIES{$vuln}</strong>
</td>

<td bgcolor="$bgcolour" align="center">
<font color="$colour">
END

    # NOTE(review): an unrecognised status and $message are text read from
    # sysfs and go into the page without HTML escaping; that is acceptable
    # only while the kernel is the sole writer of those files.
    my $cell = "<strong>$status_message</strong>";
    $cell .= " - $message" if $message;
    print $cell;

    print <<END;
</font>
</td>
</tr>
END
}

print <<END;
</tbody>
</table>
END
176
# Close the box that holds the vulnerability table.
&Header::closebox();

# The settings form posts back to this script. SCRIPT_NAME is taken from the
# environment and placed in the action attribute unescaped.
my $form_action = $ENV{'SCRIPT_NAME'};
print "<form method='post' action='$form_action'>\n";

&Header::openbox('100%', 'center', $Lang::tr{'settings'});

# Current SMT state as a display string, shown above the radio buttons.
my $smt_status = &smt_status();

# The two radio values, "auto" and "on", are the only ones the save handler
# accepts for ENABLE_SMT.
print <<END;
<table class="tbl" width="66%">
<tbody>
<tr>
<th colspan="2" align="center">
<strong>$smt_status</strong>
</th>
</tr>

<tr>
<td width="50%" align="left">
$Lang::tr{'enable smt'}
</td>

<td width="50%" align="center">
<label>
<input type="radio" name="ENABLE_SMT"
value="auto" $checked{'ENABLE_SMT'}{'auto'}>
$Lang::tr{'automatic'}
</label> /
<label>
<input type="radio" name="ENABLE_SMT"
value="on" $checked{'ENABLE_SMT'}{'on'}>
$Lang::tr{'force enable'} ($Lang::tr{'dangerous'})
</label>
</td>
</tr>

<tr>
<td colspan="2" align="right">
<input type="submit" name="ACTION" value="$Lang::tr{'save'}">
</td>
</tr>
</tbody>
</table>
END

&Header::closebox();

print "</form>\n";

# Close the page in the reverse order it was opened.
&Header::closebigbox();
&Header::closepage();
229
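# Read the kernel's report for one CPU vulnerability from
# /sys/devices/system/cpu/vulnerabilities/<name>.
#
# Argument: the name of the sysfs entry.
# Returns:
#   undef                    - the name is not a plain entry name, the entry
#                              cannot be opened, or it is empty
#   ("Vulnerable", $line)    - the line starts with "Mitigation: " but still
#                              mentions "vulnerable"; $line is the whole line
#   ($state, $detail)        - the line is "Vulnerable: ..." or "Mitigation: ..."
#   $line                    - any other report, returned unchanged
sub check_status($) {
    my $vuln = shift;

    # $vuln becomes part of a path, so only plain entry names are looked up;
    # anything with a path separator or dots never reaches open().
    return undef unless defined $vuln && $vuln =~ /\A[A-Za-z0-9_]+\z/;

    # Three-argument open with a lexical handle: the open mode cannot come
    # from $vuln, and no package-wide FILE handle is reused or clobbered.
    open(my $fh, '<', "/sys/devices/system/cpu/vulnerabilities/$vuln") or return undef;
    my $status = <$fh>;
    close($fh);

    # An empty entry yields no line at all.
    return undef unless defined $status;

    chomp($status);

    # Fix status when something has been mitigated, but not fully, yet
    if ($status =~ /^Mitigation: .*vulnerable/) {
        return ("Vulnerable", $status);
    }

    if (my ($state, $detail) = $status =~ /^(Vulnerable|Mitigation): (.*)$/) {
        return ($state, $detail);
    }

    return $status;
}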
250
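# Return a display string for the SMT state found in
# /sys/devices/system/cpu/smt/control.
#
# "on", "off"/"forceoff" and "notsupported" map to their translated labels;
# any other value is returned as read. An empty string is returned when the
# file cannot be opened or holds no line.
sub smt_status() {
    # Checked three-argument open with a lexical handle; a failed open no
    # longer falls through to a read on an unopened package-wide FILE handle.
    open(my $fh, '<', "/sys/devices/system/cpu/smt/control") or return "";
    my $status = <$fh>;
    close($fh);

    return "" unless defined $status;

    chomp($status);

    # Kernel value => translation key.
    my %label_for = (
        "on"           => 'smt enabled',
        "off"          => 'smt disabled',
        "forceoff"     => 'smt disabled',
        "notsupported" => 'smt not supported',
    );

    if (exists $label_for{$status}) {
        return $Lang::tr{ $label_for{$status} };
    }

    return $status;
}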