Security Advisory: SSH Private Key Disclosure Vulnerability in Mobatek MobaXterm Personal Edition

Published: 2019-06-11

Vulnerability ID and Severity


CVE ID: CVE-2019-7690, Risk level: Critical, CVSS score: 9.8


Affected Versions


Versions affected


MobaTek MobaXterm Personal Edition v11.1 Build 3860


Vulnerability Overview


Mobatek MobaXterm is terminal software from the French company Mobatek that integrates an enhanced terminal, an X server and Unix commands (GNU/Cygwin).

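MobaTek MobaXterm Personal Edition v11.1 Build 3860 contains a trust management vulnerability. The vulnerability stems from the lack of an effective trust management mechanism in the network system or product. An attacker can use default passwords, hard-coded passwords, hard-coded certificates and the like to attack the affected component.


Even after the user disconnects from the remote SSH server, the SSH private key and its password can be retrieved from process memory for the lifetime of the process. This affects passwordless authentication that uses a password-protected SSH private key.


Vulnerability Verification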


EXP: https://github.com/yogeshshe1ke/CVE/blob/master/2019-7690/mobaxterm_exploit.py


Remediation Advice


The vendor has released an upgrade patch that fixes the vulnerability. For details, see the vendor's home page: https://www.mobatek.net/


Reference Links


http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201905-329