Shulou(Shulou.com)05/31 Report--

Today, I will talk to you about the example analysis of arbitrary command execution vulnerabilities on Jumpserver controlled servers. Many people may not know much about it. In order to make you understand better, the editor has summarized the following contents for you. I hope you can get something from this article.

Brief introduction of 0x01 vulnerability

January 18, 2021, 360CERT Monitoring found that Jumpserver issued a risk notification of a remote command execution vulnerability, vulnerability level: high risk, vulnerability score: 8.5.

A remote arbitrary command execution vulnerability on a controlled server exists in Jumpserver, which is caused by multiple vulnerabilities.

In this regard, 360CERT recommends that the majority of users do a good asset self-examination and prevention work, so as to avoid hacker attacks.

0x02 risk rating

360CERT's assessment of the vulnerability is as follows

Assessment methods, threat levels, high risk impact surfaces, general 360CERT scores, 8.50x03 repair recommendations, general repair recommendations

Upgrade to the following secure version

-> = v2.6.2

-> = v2.5.4

-> = v2.4.5

-= v1.5.9 (version number unchanged)

-< v1.5.3

Temporary repair proposal

Modify nginx profile to shield affected interfaces

Jumpservernginx profile location

# old version of the community

/ etc/nginx/conf.d/jumpserver.conf

# Enterprise Old version

Jumpserver-release/nginx/http_server.conf

# the new version is in

Jumpserver-release/compose/config_static/http_server.conf

# ensure that before / api and / before

Location / api/v1/authentication/connection-token/ {

Return 403

}

Location / api/v1/users/connection-token/ {

Return 403

}

# add the above

Location / api/ {

Proxy_set_header X-Real-IP $remote_addr

Proxy_set_header Host $host

Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for

Proxy_pass http://core:8080;

}

...

0x04 related spatial mapping data

Through surveying and mapping the assets of the whole network, it is found that the specific distribution of Jumpserver is shown in the following figure.

After reading the above, do you have any further understanding of the example analysis of arbitrary command execution vulnerabilities on Jumpserver controlled servers? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.