Zip Slip·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2018-06-06

·ì϶±àºÅ


CVE-2018-8008
CVE-2018-8009
CVE-2018-1261
CVE-2018-1263
CVE-2018-1002200
CVE-2018-1002201
CVE-2018-1002202
CVE-2018-1002203
CVE-2018-1002204
CVE-2018-1002205
CVE-2018-1002206
CVE-2018-1002207


·ì϶¼¶±ð


ÑϳÁ  CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°ÏìÁìÓò


Zip Slip·ì϶ ¡°ËÁÒâÎļþ¸²¸Ç¡±ºÍ¡°Ä¿Â¼±éÀú¡±ÎÊÌâµÄ½áºÏ £¬¿ÉÄܵ¼Ö¹¥»÷ÕßÄܹ»½«Îļþ½âѹËõµ½Õý³£½âѹËõõ辶֮±í²¢¸²¸ÇÃô¸ÐÎļþ £¬Èç¹Ø¼üOS¿â»ò·þÎñÆ÷ÅäÖÃÎļþ¡£¹ÌȻʹÓü¸ÖÖ±à³Ì˵»°±àдµÄ¿âÒÑÖª»áÊܵ½Ó°Ïì £¬ÀýÈçJavaScript £¬Python £¬Ruby £¬.NET £¬GoºÍGroovy £¬µ«Õâ¸öÎÊÌâÖØÒªÓ°ÏìJavaÉú̬ϵͳ¡£


Zip Slip·ì϶ÊÇÔÚ±àÂëÆ÷¡¢²å¼þºÍ¿âʵÏÖ½âѹ¹éµµÎļþµÄ¹ý³ÌÖеÄÒ»¸öÎÊÌâ¡£ ºÜ¶à´ò°üÌåʽ £¬Ô̺¬tar £¬jar £¬war £¬cpio £¬apk £¬rarºÍ7z³ÇÊÐÊܵ½Ó°Ïì £¬ÕâÒâζ×ÅÕâ¸üÏñÊÇÂß¼­ÎÊÌâ £¬¶ø²»ÊÇÌض¨µÄ±àÂëÃýÎó¡£


¶à¸ö´óÐ͹«Ë¾ £¬Ô̺¬Google¡¢Oracle¡¢IBM¡¢Apache¡¢ÑÇÂíÑ·µÈÔÚÄÚµÄÊýǧ¸öÏîÄ¿ÊÜÓ°Ï죨¼û£ºhttps://github.com/snyk/zip-slip-vulnerability£©¡£µ±È» £¬ÕâÖÖÀàÐ͵ķì϶ÔçÒÑ´æÔÚ £¬µ«×î½üËüÒѾ­ÔÚ¸ü¶àµÄÏîÄ¿ºÍ¿âÖвû·¢³öÀ´¡£

 

ÊÜÓ°ÏìµÄ¿âºÍÏîÄ¿£º


ÊÜÓ°ÏìµÄ¿â£º

 

GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾

 

ÊÜÓ°ÏìµÄÏîÄ¿£º

 

GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾

 

·ìϼûèÊö


Zip SlipÊÇĿ¼±éÀúµÄÒ»ÖÖ´ó¾Ö £¬Äܹ»Í¨¹ý´Ó´ò°üÎļþÖÐÌáÈ¡ÎļþÀ´ÀûÓᣠĿ¼±éÀú·ì϶µÄÇ°ÌáÊǹ¥»÷ÕßÄܹ»½Ó¼ûÎļþϵͳÖÐÓ¦¸ÃפÁôµÄÖ¸±êÎļþ¼ÐÖ®±íµÄ²¿ÃÅÎļþϵͳ¡£ ¶øºó £¬¹¥»÷ÕßÄܹ»¸²¸Ç¿ÉÖ´ÐÐÎļþ²¢Ô¶³ÌŲÓÃËüÃÇ £¬»òÕßÆÚ´ýϵͳ»òÓû§Å²ÓÃËüÃÇ £¬´Ó¶øʵÏÖÊܺ¦Õß»úеÉϵÄÔ¶³ÌºÅÁîÖ´ÐС£´Ë·ì϶»¹¿ÉÄÜͨ¹ý¸²¸ÇÅäÖÃÎļþ»òÆäËûÃô¸Ð×ÊÔ´¶øÔì³ÉÇÖº¦ £¬²¢ÇÒ¿ÉÄÜ»áÔÚ¿Í»§¶Ë£¨Óû§£©»úеºÍ·þÎñÆ÷ÉÏÊܵ½¹¥»÷¡£


Ò²¾ÍÊÇ˵ £¬Zip SlipÊÇ¡°ËÁÒâÎļþ¸²¸Ç¡±ºÍ¡°Ä¿Â¼±éÀú¡±ÎÊÌâµÄ½áºÏ £¬¿ÉÄܵ¼Ö¹¥»÷ÕßÄܹ»½«Îļþ½âѹËõµ½Õý³£½âѹËõõ辶֮±í²¢¸²¸ÇÃô¸ÐÎļþ £¬Èç¹Ø¼üOS¿â»ò·þÎñÆ÷ÅäÖÃÎļþ¡£


·ì϶POC£ºhttps://github.com/snyk/zip-slip-vulnerability/tree/master/archives


ÀûÓô˷ì϶±ØÒªµÄÁ½¸ö²¿ÃÅÊDz»Ö´ÐÐÑéÖ¤²é³­µÄ¶ñÒâ¹éµµºÍÌáÈ¡´úÂë¡£ÈÃÎÒÃÇ˳´Î²é¿´ÕâÁ½²¿ÃÅ¡£Ê×ÏÈ £¬zipÎļþµÄÄÚÈÝÔÚÌáȡʱ±ØÒªÓÐÒ»¸ö»ò¶à¸öÍÑÀëÖ¸±êĿ¼µÄÎļþ¡£±ÉÈËÃæµÄÀý×ÓÖÐ £¬ÎÒÃÇÄܹ»¿´µ½Ò»¸özipÎļþµÄÄÚÈÝ¡£ËüÓÐÁ½¸öÎļþ £¬Ò»¸ögood.shÎļþ½«±»½âѹËõµ½Ö¸±êĿ¼ÖÐ £¬ÁíÒ»¸öevil.shÎļþÔÚ³¢ÊÔ±éÀúĿ¼Ê÷ÒÔ´ò¿ª¸ùĿ¼ £¬¶øºó½«ÎļþÔö³¤µ½tmpĿ¼ÖС£µ±Äú³¢ÊÔcd .. ÔÚ¸ùĿ¼ÖÐʱ £¬ÒÀÈ»»á·¢ÏÖ×Ô¼ºÎ»ÓÚ¸ùĿ¼ÖÐ £¬Òò¶ø¶ñÒâõ辶¿ÉÄÜÔ̺¬¶à¸ö¼¶´ËÍâĿ¼ ../ ÔÚ³¢ÊÔ±éÀúÃô¸ÐÎļþ֮ǰ £¬ÓиüºÃµÄ»úÓö´ïµ½¸ùĿ¼¡£

 

GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾

 

Õâ¸özipÎļþµÄÄÚÈݱØÐëÊÖ¹¤Ôì×÷¡£Ö»¹Üzip¹æ·¶ÔÊÐí £¬µµ°¸´´½¨¹¤¾ßͨ³£²»ÔÊÐíÓû§Ê¹ÓÃÕâЩõ辶Ôö³¤Îļþ¡£µ«ÊÇ £¬Ê¹ÓÃÌض¨µÄ¹¤¾ß £¬Ê¹ÓÃÕâЩõ辶´´½¨ÎļþºÜÈÝÒס£


Äú±ØÒªÀûÓô˷ì϶µÄµÚ¶þ¼þÊÂÊÇʹÓÃÄú×Ô¼ºµÄ´úÂë»ò¿âÀ´ÌáÈ¡¹éµµÎļþ¡£½âѹËõ´úÂëºöÂÔ´æµµÖÐÎļþõ辶µÄÑé֤ʱ´æÔÚ´Ë·ì϶¡£ÏÂÃæÊÇÒ»¸öÒ×Êܹ¥»÷µÄ´úÂëƬ¶ÎµÄʾÀý£¨ÒÔJavaÏÔʾµÄʾÀý£©¡£

 

GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾

 

½â¾ö´ëÊ©


Òѽ¨¸´µÄ¿âºÍÏîÄ¿Á´½Ó¼û£ºhttps://github.com/snyk/zip-slip-vulnerability


²Î¿¼×ÊÁÏ


https://github.com/snyk/zip-slip-vulnerability


http://7xkk1o.com1.z0.glb.clouddn.com/technical-whitepaper.pdf#page=8&zoom=auto,-99,199


https://github.com/snyk/zip-slip-vulnerability/tree/master/archives