CVE编号
CVE-2018-19518利用情况
漏洞武器化补丁情况
官方补丁披露时间
2018-11-25漏洞描述
UNIX上的University of Washington IMAP Toolkit 2007f ,用于PHP和其他产品中的imap_open(),启动rsh命令(通过c-client / imap4r1.c中的imap_rimap函数和osdep/unix/tcp_unix.c中的tcp_aopen函数 )不阻止参数注入,如果IMAP服务器名称是不可信输入(例如,由Web应用程序的用户输入)并且rsh已被具有不同参数的程序替换,则可能允许远程攻击者执行任意OS命令语义。例如,如果rsh是指向ssh的链接(如Debian和Ubuntu系统上所示),则攻击可以使用包含“-oProxyCommand”参数的IMAP服务器名称。解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| http://www.securityfocus.com/bid/106018 | |
| http://www.securitytracker.com/id/1042157 | |
| https://antichat.com/threads/463395/#post-4254681 | |
| https://bugs.debian.org/913775 | |
| https://bugs.debian.org/913835 | |
| https://bugs.debian.org/913836 | |
| https://bugs.php.net/bug.php?id=76428 | |
| https://bugs.php.net/bug.php?id=77153 | |
| https://bugs.php.net/bug.php?id=77160 | |
| https://git.php.net/?p=php-src.git;a=commit;h=e5bfea64c81ae34816479bb05d17cdf... | |
| https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php | |
| https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html | |
| https://lists.debian.org/debian-lts-announce/2019/03/msg00001.html | |
| https://lists.debian.org/debian-lts-announce/2021/12/msg00031.html | |
| https://security.gentoo.org/glsa/202003-57 | |
| https://security.netapp.com/advisory/ntap-20181221-0004/ | |
| https://usn.ubuntu.com/4160-1/ | |
| https://www.debian.org/security/2018/dsa-4353 | |
| https://www.exploit-db.com/exploits/45914/ | |
| https://www.openwall.com/lists/oss-security/2018/11/22/3 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | php | php | * |
From (including) 5.6.0 |
Up to (including) 5.6.38 |
||||
| 运行在以下环境 | |||||||||
| 应用 | php | php | * |
From (including) 7.0.0 |
Up to (including) 7.0.32 |
||||
| 运行在以下环境 | |||||||||
| 应用 | php | php | * |
From (including) 7.1.0 |
Up to (including) 7.1.24 |
||||
| 运行在以下环境 | |||||||||
| 应用 | php | php | * |
From (including) 7.2.0 |
Up to (including) 7.2.12 |
||||
| 运行在以下环境 | |||||||||
| 应用 | uw-imap_project | uw-imap | 2007f | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.7 | php7 | * |
Up to (excluding) 7.1.29-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_AMI | php7 | * |
Up to (excluding) 7.0.33-1.32.amzn1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_8 | php7 | * |
Up to (excluding) 5.6.20+dfsg-0+deb8u1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | php7 | * |
Up to (excluding) 7.0.33-0+deb9u1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_28 | php7 | * |
Up to (excluding) 7.2.13-2.fc28 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_29 | php7 | * |
Up to (excluding) 7.2.13-2.fc29 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_42.3 | php7 | * |
Up to (excluding) 5.5.14-109.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_11_SP4 | php7 | * |
Up to (excluding) 5.3.17-112.45.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04 | php | * |
Up to (excluding) 7.0.33-0ubuntu0.16.04.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04 | php | * |
Up to (excluding) 8:2007f~dfsg-5ubuntu0.18.04.2 |
|||||
- 攻击路径 远程
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 全局影响
- EXP成熟度 漏洞武器化
- 补丁情况 官方补丁
- 数据保密性 N/A
- 数据完整性 传输被破坏
- 服务器危害 服务器失陷
- 全网数量 N/A
还没有评论,来说两句吧...