Mass attacks on vulnerable Exim-based mail servers

Security researchers from Cybereason have warned mail server administrators that mass automated exploitation of the critical vulnerability CVE-2019-10149 in Exim, disclosed last week, has been detected. In the attack, the attackers obtain execution of their code with root privileges and install malware on the server for mining cryptocurrencies.

According to the June automated survey, Exim's share is 57.05% (a year earlier 56.56%), Postfix is used on 34.52% (33.79%) of mail servers, Sendmail on 4.05% (4.59%) and Microsoft Exchange on 0.57% (0.85%). According to data provided by the Shodan service, more than 3.6 million mail servers on the global network that have not been updated to the current Exim release 4.92 remain potentially vulnerable. About 2 million potentially vulnerable servers are located in the United States and 192 thousand in Russia. According to RiskIQ data, 70% of servers running Exim have already moved to version 4.92.


Administrators are advised to install without delay the updates that the distributions prepared last week (Debian, Ubuntu, openSUSE, Arch Linux, Fedora, EPEL for RHEL/CentOS). If a system runs a vulnerable version of Exim (4.87 through 4.91 inclusive), you need to make sure it has not already been compromised by checking crontab for suspicious entries and confirming that no additional keys have appeared in the /root/.ssh directory. An attack may also be indicated by entries in the firewall log showing activity involving the hosts an7kmd2wp4xo7hpr.tor2web.su, an7kmd2wp4xo7hpr.tor2web.io and an7kmd2wp4xo7hpr.onion.sh, which are used to download the malware.

The first attempts to attack Exim servers were recorded on June 9. On June 13 the attacks became massive. After exploiting the vulnerability through tor2web gateways, a script is downloaded from a Tor hidden service (an7kmd2wp4xo7hpr) that checks for the presence of OpenSSH (installing it if absent), changes its settings (enabling root login and key authentication) and sets up an RSA key for the root user, giving privileged access to the system over SSH.

After setting up the backdoor, a port scanner is installed on the system to identify other vulnerable servers. The system is also searched for existing mining programs, which are removed if found. In the final stage, the attackers' own miner is downloaded and registered in crontab. The miner is downloaded under the guise of an ico file (in fact a zip archive with the password "no-password") containing an executable in Linux ELF format built for Glibc 2.7+.
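The compromise checks recommended above, written up as a POSIX shell script. This is an added example, not code from the original article or from opennet.ru: it flags an Exim version in the 4.87 to 4.91 range, counts suspicious root crontab entries, counts keys in /root/.ssh/authorized_keys that are missing from an administrator-maintained allowlist, and counts log lines that mention the download hosts. The allowlist path /root/known_good_keys and the /var/log/syslog location are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article: triage checks that follow
# the indicators above, for a Linux host running Exim. The allowlist path
# /root/known_good_keys and the syslog location are assumptions; adjust them.

# Download hosts named in the article (all front the same Tor hidden service).
IOC_HOSTS='an7kmd2wp4xo7hpr.tor2web.su an7kmd2wp4xo7hpr.tor2web.io an7kmd2wp4xo7hpr.onion.sh'
ioc_regex() { printf '%s' "$IOC_HOSTS" | tr ' ' '|'; }

# Return 0 if an Exim version string such as "4.91" lies in the 4.87..4.91 range.
exim_version_vulnerable() {
    major=${1%%.*}
    minor=${1#*.}
    minor=${minor%%[!0-9]*}          # strip suffixes such as "-RC1" or "_2"
    [ "$major" -eq 4 ] && [ "$minor" -ge 87 ] && [ "$minor" -le 91 ]
}

# Count stdin lines (e.g. a crontab dump) that reference an indicator host or
# pipe a downloaded URL straight into a shell, as the miner's cron entry does.
suspicious_cron_lines() {
    grep -E -c -e "$(ioc_regex)" -e '(curl|wget)[^|]*\|[[:space:]]*(sh|bash)' || true
}

# Count keys in an authorized_keys file ($1) that are absent from the
# administrator's allowlist ($2, missing file = empty list); each needs explaining.
unexpected_authorized_keys() {
    allow=$2; [ -f "$allow" ] || allow=/dev/null
    grep -v -E '^[[:space:]]*(#|$)' "$1" | grep -c -v -x -F -f "$allow" || true
}

# Count lines in a log file ($1) that mention any indicator host.
ioc_log_hits() {
    grep -E -c "$(ioc_regex)" "$1" || true
}

# Run every check against the live host and print the findings.
triage_host() {
    ver=$(exim -bV 2>/dev/null | sed -n 's/^Exim version \([0-9.]*\).*/\1/p')
    if exim_version_vulnerable "${ver:-0.0}"; then
        echo "Exim $ver is in the vulnerable 4.87-4.91 range: update first"
    fi
    echo "suspicious root cron lines: $(crontab -l -u root 2>/dev/null | suspicious_cron_lines)"
    if [ -f /root/.ssh/authorized_keys ]; then
        echo "unexpected root SSH keys: $(unexpected_authorized_keys /root/.ssh/authorized_keys /root/known_good_keys)"
    fi
    echo "log lines naming the download hosts: $(ioc_log_hits /var/log/syslog)"
}

[ "${1:-}" = --run ] && triage_host
```

Run it as root with `--run` on the host being checked; a non-zero count in any line is a lead to investigate, not proof of compromise on its own.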

Source: opennet.ru
