Mass attack on vulnerable Exim mail servers

Security researchers from Cybereason have warned mail server administrators that a massive automated attack has been detected which exploits the critical vulnerability (CVE-2019-10149) in Exim discovered last week. During the attack, the attackers achieve execution of their code with root privileges and install malware on the server for mining cryptocurrencies.

According to the June automated survey, Exim's share is 57.05% (56.56% a year earlier), Postfix is used on 34.52% (33.79%) of mail servers, Sendmail on 4.05% (4.59%) and Microsoft Exchange on 0.57% (0.85%). According to data from the Shodan service, more than 3.6 million mail servers on the global network that have not yet been updated to the current Exim 4.92 release remain potentially vulnerable. About 2 million potentially vulnerable servers are located in the United States and 192 thousand in Russia. According to information from RiskIQ, 70% of servers running Exim have already moved to version 4.92.


Administrators are advised to install the fixed updates prepared by distributions last week as a matter of urgency (Debian, Ubuntu, openSUSE, Arch Linux, Fedora, EPEL for RHEL/CentOS). If the system has a vulnerable version of Exim (4.87 through 4.91 inclusive), you should make sure the system has not already been compromised by checking crontab for suspicious entries and verifying that no additional keys have appeared in the /root/.ssh directory. An attack may be indicated by activity in the firewall log from the hosts an7kmd2wp4xo7hpr.tor2web.su, an7kmd2wp4xo7hpr.tor2web.io and an7kmd2wp4xo7hpr.onion.sh, which are used to download the malware.
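The checks recommended above, as an added read-only triage helper that is not part of the article or of Cybereason's research: it flags an Exim version in the affected range, crontab entries that name the download hosts or pipe fetched content into a shell, the number of keys in root's authorized_keys, and log lines mentioning the indicator hosts. The crontab and log paths in the live-run section are assumptions about a typical Linux host.

```shell
#!/bin/sh
# Added example, not from the article or Cybereason: a read-only triage
# helper for the checks the article recommends. File paths and log formats
# are assumptions; every check is a function so it can run on copied files.

IOC_PATTERN='an7kmd2wp4xo7hpr'   # hidden service / tor2web hosts named in the article

# 0 if an Exim version string is in the affected range 4.87..4.91 inclusive.
exim_version_vulnerable() {
    ver=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')  # strip "-1ubuntu2" style suffixes
    major=${ver%%.*}
    minor=${ver#*.}; minor=${minor%%.*}
    case $minor in *[!0-9]*|'') return 1;; esac
    [ "$major" = 4 ] && [ "$minor" -ge 87 ] && [ "$minor" -le 91 ]
}

# Print log lines that mention the download hosts; 0 if any were found.
find_ioc_contacts() {
    grep -i -- "$IOC_PATTERN" "$1"
}

# Print crontab lines that name the download hosts or pipe fetched content
# into a shell, which is how the miner is kept alive; 0 if any were found.
suspicious_cron_lines() {
    grep -E -i -- "$IOC_PATTERN|(curl|wget)[^|]*[|][[:space:]]*(ba)?sh" "$1"
}

# Number of key entries in an authorized_keys file (comments/blank skipped),
# for comparison with the keys the operator knows they deployed.
count_authorized_keys() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -v -E '^[[:space:]]*(#|$)' "$1" | grep -c -E '(ssh-|ecdsa-)[a-z0-9-]+ ' || true
}

# Live run against the local host (explicit opt-in so sourcing is side-effect free).
if [ "${1:-}" = "--live" ]; then
    v=$(exim -bV 2>/dev/null | sed -n 's/^Exim version \([0-9.]*\).*/\1/p')
    if exim_version_vulnerable "${v:-0}"; then echo "Exim $v is in the affected range"; fi
    for f in /etc/crontab /etc/cron.d/* /var/spool/cron/crontabs/* /var/spool/cron/*; do
        [ -f "$f" ] && suspicious_cron_lines "$f" | sed "s|^|$f: |"
    done
    echo "keys in /root/.ssh/authorized_keys: $(count_authorized_keys /root/.ssh/authorized_keys)"
    log=${2:-/var/log/syslog}   # assumed log location; pass another path as 2nd argument
    if [ -f "$log" ]; then find_ioc_contacts "$log"; fi
fi
```

Run as `sh triage.sh --live [/path/to/firewall.log]` on the host, or source the file and point the individual functions at copies of crontab, authorized_keys and log files taken from a suspect system.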

The first attempts to attack Exim servers were recorded on June 9. On June 13 the attack took on a mass character. After exploiting the vulnerability, a script is downloaded through tor2web gateways from a Tor hidden service (an7kmd2wp4xo7hpr). The script checks for the presence of OpenSSH (installing it if absent), changes its settings (enabling root login and key authentication) and installs an RSA key for the root user, giving privileged access to the system over SSH.

After the backdoor is set up, a port scanner is installed on the system to identify other vulnerable servers. The system is also searched for existing mining processes, which are killed if found. At the final stage, the attackers' own miner is downloaded and registered in crontab. The miner is downloaded under the guise of an ico file (actually a zip archive with the password "no-password") containing an ELF executable for Linux with Glibc 2.7+.

Source: opennet.ru
