ÿÖÜÉý¼¶²¼¸æ-2022-06-14

°ä²¼¹¦·ò 2022-06-14

ÐÂÔöÊÂÎñ

 

ÊÂÎñÃû³Æ£º

HTTP_°²È«·ì϶_GitLab_Ó²±àÂë·ì϶[CVE-2021-22205][CNNVD-202104-1685]

°²È«ÀàÐÍ£º

°²È«·ì϶

ÊÂÎñÃèÊö£º

GitLabÊÇÒ»¸öÓÃÓÚ²Ö¿âÖÎÀíϵͳµÄ¿ªÔ´ÏîÄ¿ £¬Ê¹ÓÃGit×÷Ϊ´úÂëÖÎÀí¹¤¾ß £¬¿Éͨ¹ýWeb½çÃæ½Ó¼û¹«¿ª»ò¸öÈËÏîÄ¿¡£ÔÚGitLabCE/EE°æ±¾14.7(14.7.7֮ǰ)¡¢14.8(14.8.5֮ǰ)ºÍ14.9(14.9.2֮ǰ)ÖÐʹÓÃOmniAuthÌṩÉÌ(ÈçOAuth¡¢LDAP¡¢SAML)×¢²áµÄÕÊ»§ÉèÖÃÁËÓ²±àÂëÃÜÂë £¬ÔÊÐí¹¥»÷ÕßDZÔڵؽÚÔìÕÊ»§¡£

¸üй¦·ò£º

20220614

 

ÊÂÎñÃû³Æ£º

TCP_½©Ê¬ÍøÂç_Mirai.Putin_½ÚÔìºÅÁî

°²È«ÀàÐÍ£º

ÆäËûÊÂÎñ

ÊÂÎñÃèÊö£º

¼ì²âµ½Mirai.Putin·þÎñÆ÷ÊÔͼ·¢ËͺÅÁî¸øMirai.Putin £¬ºÃ±ÈDDoS¹¥»÷Ö¸¶¨Ö÷ÕÅIPÖ÷»ú¡£Ô´IPµØµãµÄÖ÷»ú¿ÉÄܱ»Ö²ÈëÁËMirai±äÖÖMirai.Putin¡£Mirai½©Ê¬ÍøÂçÈä³æÖØÒªÍ¨¹ýɨÃè·À»¤ÄÜÁ¦²»Ç¿µÄÎïÁªÍøÉ豸£¨IoT£© £¬Ô̺¬£ºÂ·ÓÉÆ÷¡¢ÍøÂçÉãÏñÍ·¡¢DVRÉ豸µÈµÈ £¬IoTÉè±¸ÖØÒªÊÇMIPS¡¢ARMµÈ¼Ü¹¹ £¬Òò´æÔÚĬÈÏÃÜÂë¡¢ÈõÃÜÂë¡¢ÑϳÁ·ì϶δʵʱ½¨¸´µÈ³É·Ö £¬µ¼Ö±»¹¥»÷ÕßÖ²ÈëľÂí¡£ÇÔÈ¡Ãô¸ÐÐÅÏ¢ £¬»ñÈ¡ÖÎÀíԱȨÏÞ¡£ÓÉÓÚÔ´´úÂëÒѾ­¹«¿ª £¬Mirai³öÏÖÁ˺öà±äÖÖ £¬±¾ÊÂÎñÕë¶ÔÆä±äÖÖMirai.Putin¡£

¸üй¦·ò£º

20220614

 

ÊÂÎñÃû³Æ£º

TCP_½©Ê¬ÍøÂç_Mirai_½ÚÔìºÅÁî

°²È«ÀàÐÍ£º

ÆäËûÊÂÎñ

ÊÂÎñÃèÊö£º

¼ì²âµ½Mirai·þÎñÆ÷ÊÔͼ·¢ËͺÅÁî¸øMirai £¬ºÃ±ÈDDoS¹¥»÷Ö¸¶¨Ö÷ÕÅIPÖ÷»ú¡£Ô´IPµØµãµÄÖ÷»ú¿ÉÄܱ»Ö²ÈëÁËMirai¼«Æä±äÖÖ¡£Mirai½©Ê¬ÍøÂçÈä³æÖØÒªÍ¨¹ýɨÃè·À»¤ÄÜÁ¦²»Ç¿µÄÎïÁªÍøÉ豸£¨IoT£© £¬Ô̺¬£ºÂ·ÓÉÆ÷¡¢ÍøÂçÉãÏñÍ·¡¢DVRÉ豸µÈµÈ £¬IoTÉè±¸ÖØÒªÊÇMIPS¡¢ARMµÈ¼Ü¹¹ £¬Òò´æÔÚĬÈÏÃÜÂë¡¢ÈõÃÜÂë¡¢ÑϳÁ·ì϶δʵʱ½¨¸´µÈ³É·Ö £¬µ¼Ö±»¹¥»÷ÕßÖ²ÈëľÂí¡£ÇÔÈ¡Ãô¸ÐÐÅÏ¢ £¬»ñÈ¡ÖÎÀíԱȨÏÞ¡£

¸üй¦·ò£º

20220614

 

ÊÂÎñÃû³Æ£º

HTTP_¿ÉÒÉÐÐΪ_PHP·´ÐòÁл¯¶ÔÏóÌåʽÊý¾Ý·¢ÏÖ

°²È«ÀàÐÍ£º

¿ÉÒÉÐÐΪ

ÊÂÎñÃèÊö£º

·¨Ê½Î´¶ÔÓû§ÊäÈëµÄÐòÁл¯×Ö·û´®½øÐмì²â £¬µ¼Ö¹¥»÷ÕßÄܹ»½ÚÔì·´ÐòÁл¯¹ý³Ì £¬Í¨¹ýÔÚ²ÎÊýÖÐ×¢ÈëһЩ´úÂë £¬´Ó¶ø´ïµ½´úÂëÖ´ÐÐ £¬SQL×¢Èë £¬Ä¿Â¼±éÀúµÈ²»³É¿Øºó¹û £¬·çÏսϴó¡£

¸üй¦·ò£º

20220614

 

ÊÂÎñÃû³Æ£º

TCP_°²È«·ì϶_SaltStack_Ô¶³ÌºÅÁîÖ´ÐÐ

°²È«ÀàÐÍ£º

°²È«·ì϶

ÊÂÎñÃèÊö£º

SaltStackÊÇ»ùÓÚPython¿ª·¢µÄÒ»Ì×C/S¼Ü¹¹ÅäÖÃÖÎÀí¹¤¾ß £¬ÊÇÒ»¸ö·þÎñÆ÷»ù´¡¼Ü¹¹¼¯Öл¯ÖÎÀíÆ½Ì¨ £¬¾ß±¸ÅäÖÃÖÎÀí¡¢Ô¶³ÌÖ´ÐÓ×¢¼à¿ØµÈÖ°ÄÜ¡£ÔÚCVE-2020-11651ÈÏÖ¤ÈÆ¹ý·ì϶ÖÐ £¬¹¥»÷Õßͨ¹ý»ú¹Ø¶ñÒâÒªÇó £¬Äܹ»ÈƹýSaltMasterµÄÑéÖ¤Âß¼­ £¬Å²ÓÃÓйØÎ´ÊÚȨº¯ÊýÖ°ÄÜ £¬´Ó¶øÄܹ»Ôì³ÉÔ¶³ÌºÅÁîÖ´Ðзì϶¡£·ì϶ÓÉClearfuncsÀàÒýÆð,¸ÃÀàÎÞÒâÖж³öÁË_send_pub()ºÍ_prep_auth_info()²½Ö衣δ¾­Éí·ÝÑéÖ¤µÄÔ¶³Ì¹¥»÷Õßͨ¹ý·¢ËÍÌØÔìµÄÒªÇó¿ÉÔÚminion¶Ë·þÎñÆ÷ÉÏÖ´ÐÐËÁÒâºÅÁ¿ÉÄÜÌáÈ¡¸ùÃÜÔ¿À´Å²ÓÃmaster¶Ë·þÎñÆ÷ÉϵÄÖÎÀíºÅÁî¡£Ó°Ïì°æ±¾SaltStack<2019.2.4SaltStack<3000.2

¸üй¦·ò£º

20220614

 

ÊÂÎñÃû³Æ£º

TCP_½©Ê¬ÍøÂç_IoT.Moobot_½ÚÔìºÅÁî

°²È«ÀàÐÍ£º

ÆäËûÊÂÎñ

ÊÂÎñÃèÊö£º

¼ì²âµ½Moobot·þÎñÆ÷ÊÔͼ·¢ËͺÅÁî¸øMoobot £¬ºÃ±ÈDDoS¹¥»÷Ö¸¶¨Ö÷ÕÅIPÖ÷»ú¡£Ô´IPÖ÷»ú¿ÉÄܱ»Ö²ÈëÁ˽©Ê¬ÍøÂçMoobot¡£MoobotÊÇIoT½©Ê¬ÍøÂçMiraiµÄÖØÒª±äÖÖÖ®Ò» £¬ÖØÒªÖ°ÄÜÊǶÔÖ¸¶¨Ö¸±êÌáÒéDDoS¹¥»÷ £¬Í¨¹ý¸÷Àà·ì϶´«²¼×ÔÉí¡£

¸üй¦·ò£º

20220614

 

Åú¸ÄÊÂÎñ

 

ÊÂÎñÃû³Æ£º

TCP_¿ÉÒÉÐÐΪ_JAVA_ŲÓÃRMIÔ¶³ÌÏÂÔØclass

°²È«ÀàÐÍ£º

°²È«·ì϶

ÊÂÎñÃèÊö£º

´ËÊÂÎñ¼ì²âJAVAŲÓÃRMIÔ¶³ÌÏÂÔØclassµÄÐÐΪ¡£RMI¼´Ô¶³Ì²½ÖèŲÓà £¬Ò»ÖÖÓÃÓÚʵÏÖÔ¶³Ì¹ý³ÌŲÓõÄjavaAPI.ÔÚjava·ì϶ÖÐ £¬´æÔÚ´óÁ¿·´ÐòÁл¯ºÍºÅÁîÖ´Ðзì϶»áʹÓõ½RMIÔ¶³Ì½Ó¼û¶ñÒâÀàµÄÊÖ·¨ £¬À´ÊµÏÖËÁÒâºÅÁîÖ´ÐÐ £¬·çÏսϴó¡£

¸üй¦·ò£º

20220614