{"id":1250,"date":"2021-07-14T13:58:32","date_gmt":"2021-07-14T05:58:32","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=1250"},"modified":"2021-07-14T13:59:27","modified_gmt":"2021-07-14T05:59:27","slug":"%e5%be%ae%e8%bb%9f%e7%a8%b1%e4%b8%ad%e5%9c%8b%e9%a7%ad%e5%ae%a2%e9%96%8b%e6%8e%a1%e4%ba%86solarwinds-serv-u%e4%b8%ad%e7%9a%84%e9%9b%b6%e6%99%82%e5%b7%ae%e6%bc%8f%e6%b4%9e%ef%bc%8c%e4%b8%a6%e5%b0%87","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=1250","title":{"rendered":"Microsoft says Chinese hackers exploited a zero-day vulnerability in SolarWinds Serv-U and attributes the attacks to DEV-0322"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"554\" height=\"277\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2021\/07\/image-17.png\" alt=\"\" class=\"wp-image-1251\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2021\/07\/image-17.png 554w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2021\/07\/image-17-300x150.png 300w\" sizes=\"auto, (max-width: 554px) 100vw, 554px\" \/><\/figure>\n\n\n\n<p>Microsoft said on Tuesday that Chinese hackers exploited a vulnerability in the SolarWinds Serv-U FTP server and are actively targeting US defense and software companies. Today, SolarWinds once again <a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2021-35211\">updated<\/a> its security update for the zero-day vulnerability in its Serv-U FTP server. CVE-2021-35211 exists in SolarWinds' Serv-U product. When Serv-U's SSH is exposed to the Internet, the vulnerability allows hackers to run arbitrary programs with privileges; hackers can then install and run malicious payloads, or view and change data.<\/p>\n\n\n\n<p>News of the attacks first surfaced on Friday, July 9, when SolarWinds released a security update to patch an exploited zero-day vulnerability in Serv-U. At the time, SolarWinds said it learned that the vulnerability (CVE-2021-35211) was under ongoing attack only after being notified by Microsoft, but it did not release any details beyond the Serv-U patch (v15.2.3 HF2). Today Microsoft disclosed that it attributes these attacks with high confidence to a Chinese hacker group named \u201cDEV-0322\u201d. The Microsoft Threat Intelligence Center (MSTIC) said in a blog <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/07\/13\/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit\/\">post<\/a> that DEV-0322 often relies on botnets made up of routers or other types of IoT devices.<\/p>\n\n\n\n<p>\u201cMSTIC has observed DEV-0322 targeting publicly exposed Serv-U FTP servers of entities in the US Defense Industrial Base sector and software companies, and has observed DEV-0322 using commercial VPNs and compromised consumer routers in its infrastructure.\u201d<\/p>\n\n\n\n<p>These attacks also mark the second time a Chinese hacker group has abused SolarWinds software to compromise corporate and government networks. Back in December 2020, just as the Russia-orchestrated SolarWinds supply chain attack came to light, the Chinese hacker group <a href=\"https:\/\/www.ithome.com.tw\/news\/143107\">SPIRAL<\/a> was also busy exploiting the CVE-2020-10148 vulnerability to install a web shell on the SolarWinds Orion IT monitoring platform.<\/p>\n\n\n\n<p>In addition, according to a <a href=\"https:\/\/search.censys.io\/search?resource=hosts&amp;q=services.banner%3A+%22SSH-2.0-Serv-U*%22+AND+services.service_name%3A+%22SSH%22\">Censys<\/a> search query, more than 8,200 SolarWinds Serv-U systems still expose their SSH port online since SolarWinds <a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\/cve-2021-35211\">released the patch<\/a> last week. In short, companies using the SolarWinds Serv-U FTP server should protect themselves from DEV-0322 attacks by installing the patch released by SolarWinds or by disabling SSH access to the server.<\/p>\n\n\n\n<p>Related intelligence:<\/p>\n\n\n\n<p><a href=\"https:\/\/otx.alienvault.com\/pulse\/60ec7ed53e01224d316f3078\">Serv-U Remote Memory Escape Vulnerability being exploited in the wild CVE-2021-35211<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft said on Tuesday that Chinese hackers exploited a vulnerability in the SolarWinds Serv-U FTP server and are actively targeting US defense and <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=1250\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[174,112],"class_list":["post-1250","post","type-post","status-publish","format-standard","hentry","category-6","tag-news","tag-112"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1250","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1250"}],"version-history":[{"count":2,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1250\/revisions"}],"predecessor-version":[{"id":1253,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1250\/revisions\/1253"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1250"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1250"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1250"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}