From 25a98838d3b67413e266929d5b71c152a8162376 Mon Sep 17 00:00:00 2001 From: Yuvraj Saxena Date: Fri, 17 Oct 2025 18:35:36 +0530 Subject: [PATCH] Add testbed for CVE-2025-7775 Related PR: https://github.com/google/osv-scalibr/pull/1424 Related issue: https://github.com/google/osv-scalibr/issues/1245 Signed-off-by: Yuvraj Saxena --- netscaler/cve-2025-7775/Dockerfile | 13 ++++++++++++ netscaler/cve-2025-7775/README.md | 26 ++++++++++++++++++++++++ netscaler/cve-2025-7775/gentestdata.sh | 23 +++++++++++++++++++++ netscaler/cve-2025-7775/vulnerable.vmdk | Bin 0 -> 393216 bytes 4 files changed, 62 insertions(+) create mode 100644 netscaler/cve-2025-7775/Dockerfile create mode 100644 netscaler/cve-2025-7775/README.md create mode 100644 netscaler/cve-2025-7775/gentestdata.sh create mode 100644 netscaler/cve-2025-7775/vulnerable.vmdk diff --git a/netscaler/cve-2025-7775/Dockerfile b/netscaler/cve-2025-7775/Dockerfile new file mode 100644 index 00000000..2cb24dd1 --- /dev/null +++ b/netscaler/cve-2025-7775/Dockerfile @@ -0,0 +1,13 @@ +FROM ubuntu:22.04 + +RUN apt-get update + +RUN mkdir -p /testdata + +# Set working directory +WORKDIR /testdata + +# Copy vulnerable file into the container +COPY vulnerable.vmdk /testdata/vulnerable.vmdk + +CMD ["/bin/bash"] diff --git a/netscaler/cve-2025-7775/README.md b/netscaler/cve-2025-7775/README.md new file mode 100644 index 00000000..0622a084 --- /dev/null +++ b/netscaler/cve-2025-7775/README.md @@ -0,0 +1,26 @@ +# OSV-Scalibr: CVE-2025-7775 Detector + +This directory contains a test Dockerfile for validating OSV-Scalibr's CVE-2025-7775 detector plugin. + +## Setup + +### Build the Docker Image + +```bash +cd security-testbeds/netscaler/cve-2025-7775 +docker build -t cve-2025-7775 . +``` + +### Run the Container + +```bash +docker run -it --rm cve-2025-7775 /bin/bash +``` + +### Running OSV-Scalibr + +Build or copy the `scalibr` binary to the current directory, and inside the container, run `scalibr` with the CVE-2025-7775 detector: + +```bash +./scalibr --detectors=cve/cve-2025-7775 --extractors=embeddedfs/vmdk --result=output.textproto vulnerable.vmdk +``` diff --git a/netscaler/cve-2025-7775/gentestdata.sh b/netscaler/cve-2025-7775/gentestdata.sh new file mode 100644 index 00000000..9cc84cc0 --- /dev/null +++ b/netscaler/cve-2025-7775/gentestdata.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +dd if=/dev/zero of=valid.img bs=1M count=5 +parted -s --align optimal valid.img --script mklabel gpt +parted -s --align optimal valid.img --script mkpart primary 0% 100% +sudo losetup -fP valid.img +LOOPDEV=$(losetup -j valid.img | cut -d: -f1) +PARTITION1="${LOOPDEV}p1" +sudo mkfs.ext4 $PARTITION1 +sudo rm -rf /mnt/valid +sudo mkdir /mnt/valid +sudo mount ${PARTITION1} /mnt/valid +sudo mkdir -p /mnt/valid/flash/boot/ +sudo mkdir -p /mnt/valid/nsconfig/ +sudo mkdir -p /mnt/valid/netscaler/ +sudo cp loader.conf /mnt/valid/flash/boot/ +sudo cp ns-14.1-46.50.gz /mnt/valid/flash/boot/ +sudo cp ns.conf /mnt/valid/nsconfig/ +sudo cp nsversion /mnt/valid/netscaler/ +sudo umount /mnt/valid +sudo losetup -d ${LOOPDEV} +sudo rm -rf /mnt/valid *.vmdk +qemu-img convert valid.img -O vmdk valid.vmdk diff --git a/netscaler/cve-2025-7775/vulnerable.vmdk b/netscaler/cve-2025-7775/vulnerable.vmdk new file mode 100644 index 0000000000000000000000000000000000000000..237d3d3d34c593e5fc8a0fcc03da52b1a85c43d0 GIT binary patch literal 393216 zcmeI*ZH!!1835orvjy6vbPE)W=#Oy=0b)9Im!%NPLR~oSc=iYPAJ@D=DCdpljR_@XtbBuN@VO-_q1Nzym)nk2D5mRW;MlBAR5gxc~+ zwYG0)TVv*!#-U~Hgb|pXSzM^B%Ph`UI?9Fh)lzwBp(o$CF<-6}O2zh;#tW7&Za@3X zd0n0J&gp1epDX8!)!5ZlD~%oHe6E^by?K4Uy}7qkEcFzs-Gz=-VPqxW+}Jofvt&~> z?33xN9U#owxbm`0%iPwsxtUd$E?l{4Nv3&YuBXtM-Pqf?ZeW+y-T7KnxoR%6C|Aih z&R)EDQDb9g=hfMbg>rR6uIICttr?6l)1GN=YaZCNHec$^SIe8T9h-X!#m=xjZfu!* zz}D`3u5)n9yaTpW@*P27VB5Si2e;)qbL*@5a!fEzR_F{_#W1R+QctBWgw~d}v)j%& zb6(ro%{~Sb=1;#s2@oJafB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAJ zaRpACxS@;uFbMR;Il_a!eM1lX*3TK9_f7|YPC&4a7SuG&!=UV6HCd)KxVH!Qv9zCCl^Xie9)_k}jr zE4JPFVrZ0cF7QD6j;0&8l$YJSxxMhrvg>xYZh7tQYhSqI!mSO>_uqBPj@<{o??dUV zPs&Ll=}mH>-8|H(B|v}x0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAVA>Y1dd3Ox27b?`C+eZp?xLP zSmO7&41A|cUs#AWjGH=tPxrJ?Q%QgSs#jA3-w_l0!q$N@^qnzB$F;C>PG}wrldKDK z-um`;zuCTiQRb%CpWFSPb$cF-L+Z;Jy~XMo8*@E{&idZNyZp}HCucl$|MF+IS9e!l zo4qCEu^^dVJ4AgRhwG@BB(v{(bn54v5^O$K-|-Px4qqUoOfZ3;z4hC@6D(xm5+Fc; z009DrK_Fh^9~WwKsN1HzGUdqHoY(#4sHLw=Ipvhv>U)|En?8QcdpdOxAV7cs0RjXF z5FkK+009EyQlLNl<}dsQ61CDa&SLBv3QS9Y009C72oNAZfB*pk1PC00K>Ypx^dyze zhIVi{oz8}p_zdr?q%qx7s#HJSRoYMt&*jEvWoITwq`P`@mH5!_jDhv3>0+g$RO~9O zjXyp3Vbip9F<-58))|NqI-u3O`LZ;rRe{ts7@<{?0U009C7 z2oNAZfB*pklUyL)|L<9T|1Tqh`~OM)he7%T2oNAZfB*pk1PBly@R1d8|NoJFYb8d2 z009C72oNAZfB*pk1ojEk-~aFHv_OCW0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t6JXh^dyzehBiI0oK9!M%5h-YNmj~dq+{R#mB1PBlyK!5-N0t5&UAaKY6;pYIu{{H`%(7&^3 zO8V+jsXDHIKp;2*1PBlyK!5-N0t5&UAV6S5f%yCXZ-1lvzq!uNOm0K9J7268I&#(U zpnqm#C0`B?{g1e-4Fm`fAV7cs0RjXF5FkK+zyuSxcvVYVwk5M@L!qZL)7p}4X`NsR z2$ui>0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXjg}|aqE?Ir$iX|&A zUUFf3bFng~r7hbs=gfK8vzjMG`jR9-fB*pk1PBlyK!5-N0+T}E3mZ0;b6?D?%5BOQ zbD48DR|Xa~Em+%|EA(VLO1-lEmDn)#~8rBa^8E3saMZ&^Er2N~R2M7%-_r7Yv+t_CNopYUjU$nQi~E<^5Nac+RXZPdppXe_y?uc-RKAh!87lz|57`*P-|MQ;?pUqeXuYwM|{)yK@_18lKLl5%hckS`>|7Nv* zw-5UBKXm;!bnO@0!FU?>UH_#+$AS5$Lf>dVzE3@JTd_XJq2-s)j`{!T%DIpHxFOb) zA1XG){EJ&=l&*^P_YeK#V=@2O4mW-*`VJ-k5dNsj zJD1+{gW(2VJ0s?Q{$IXUzT=u$AD(vCX)*uU4mW-*`o4dClAIJKj>jFUgU1=V{+XJL z^!{f?8PMxbzC3@pp^u#$^UrTjw$Gm*>udMC`daXFpNhLxFN zeO7XGs;89e%$KtrrD9idZ0LKuX=bWenbXpiZJEi$&g zlX6l>dXrpeH}Aj68UX?X2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5Fl`n0!x-I&s@52%Ul