add KVE-2022-1002
parent 1e76a92f90
commit 3a64a23944
Binary file not shown.
After Width: | Height: | Size: 843 KiB |
Binary file not shown.
After Width: | Height: | Size: 20 KiB |
Binary file not shown.
After Width: | Height: | Size: 73 KiB |
Binary file not shown.
After Width: | Height: | Size: 496 KiB |
Binary file not shown.
After Width: | Height: | Size: 204 KiB |
|
@ -0,0 +1,53 @@
|
||||||
|
# 麒麟传书远程代码执行漏洞(KVE-2022-1002)
|
||||||
|
```
|
||||||
|
来源:CNVD
|
||||||
|
作者:-
|
||||||
|
收录时间:2022年11月16日
|
||||||
|
标签:漏洞复现
|
||||||
|
注:仅供openKyin社区兴趣研究、学习交流,切勿用于非法用途。
|
||||||
|
```
|
||||||
|
------
|
||||||
|
#### 漏洞描述
|
||||||
|
麒麟传书(kylin-ipmsg)是麒麟软件自研的局域网即时通信软件。该应用程序由于在局域网内收发文件未对特殊文件传输过程进行限制,攻击者可精心策划数据包发送至受害者获取目标主机shell权限。
|
||||||
|
#### 危害等级
|
||||||
|
- 高危
|
||||||
|
#### 影响版本
|
||||||
|
- kylin-ipmsg < 1.3.1.2-ok5~1021
|
||||||
|
#### 漏洞细节
|
||||||
|
- 暂不公开
|
||||||
|
#### 漏洞复现
|
||||||
|
Exploit:
|
||||||
|
```
|
||||||
|
暂不公开,将在自官网发布公告起30天后更新
|
||||||
|
```
|
||||||
|
**复现环境:**
|
||||||
|
```
|
||||||
|
攻击机:
|
||||||
|
Kylin Desktop V10 SP1
|
||||||
|
IP:192.168.255.55
|
||||||
|
受害机:
|
||||||
|
openKylin 7.5
|
||||||
|
IP:192.168.255.56
|
||||||
|
注:两台机器能相互ping通即可
|
||||||
|
````
|
||||||
|
1.受害机开启麒麟传书:
|
||||||
|

|
||||||
|
2.将exp.py和upload11放置在同一目录
|
||||||
|
注:脚本需要pwn模块,如未安装使用如下命令进行安装
|
||||||
|
```
|
||||||
|
sudo python3 -m pip install pwn -i https://pypi.tuna.tsinghua.edu.cn/simple
|
||||||
|
```
|
||||||
|
3.攻击机执行exp脚本
|
||||||
|
```
|
||||||
|
python3 exp.py --rhost 受害机IP --cmd 'bash -c "需要执行的命令"'
|
||||||
|
```
|
||||||
|
这里演示在受害机的/tmp目录下创建一个文件demo123.txt,文件内容是20221116
|
||||||
|

|
||||||
|
4.回到受害机查看,收到了新消息
|
||||||
|

|
||||||
|
在/tmp目录下确实存在相关内容,攻击成功
|
||||||
|

|
||||||
|
#### 修复建议
|
||||||
|
请及时关注官网安全公告更新,请参考以下命令升级到对应操作系统的修复版本:
|
||||||
|
`sudo apt update`
|
||||||
|
`sudo apt-get install kylin-ipmsg`
|
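Review bot: the remediation section at the end of the file only gives `sudo apt update` and `sudo apt-get install kylin-ipmsg` and never tells the reader how to confirm the fix landed. Since the affected range is stated as `kylin-ipmsg < 1.3.1.2-ok5~1021`, add a step that checks the installed version (for example `dpkg -s kylin-ipmsg` or `apt-cache policy kylin-ipmsg`) and say that it must be at or above 1.3.1.2-ok5~1021. In step 2, `sudo python3 -m pip install pwn -i ...` installs a package system-wide as root from a mirror; a virtual environment or a per-user install would be a safer instruction for a lab write-up. Smaller points: the header note spells the community "openKyin" where "openKylin" is meant, the environment block opens with three backticks and closes with four, and steps 2 and 3 refer to exp.py and upload11 while the Exploit block says the exploit is withheld, so the steps should state where those files will be published.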