SecurityFocus original: http://www.securityfocus.com/bid/94968/info?from=timeline&isappinstalled=0
OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
Bugtraq ID: | 94968 |
Class: | Unknown |
CVE: | CVE-2016-10009 |
Remote: | Yes |
Local: | No |
Published: | Dec 19 2016 12:00AM |
Updated: | Dec 20 2016 01:11PM |
Credit: | Jann Horn of Project Zero. |
Vulnerable: | OpenSSH 7.3, 7.2p2, 7.2, 7.1p2, 7.1p1, 7.1, 7.0, 6.9p1, 6.9, 6.6, 6.5, 6.4, 6.3, 6.2, 6.1, 6.0, 5.8, 5.7, 5.6, 5.5, 5.4, 5.3, 5.2, 5.1, 5.0 |
Not Vulnerable: | OpenSSH 7.4 |
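The OpenSSH project also shipped an urgent upgrade; the 7.4 bugfix release carries the following note (https://www.openssh.com/txt/release-7.4)
Judging from the official note, it seems fairly hard to exploit; I wonder whether some exotic attack technique will turn up?
余弦 mentioned last time that ZoomEye results could be used, so I tried searching ZoomEye for openssh. The results were unexpected, and it is quite an interesting tool. Anyone interested can try it too: "ZoomEye | 钟馗之眼 - Cyberspace Search Engine", at https://www.zoomeye.org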