{"id":777,"date":"2022-10-19T03:48:15","date_gmt":"2022-10-18T19:48:15","guid":{"rendered":"https:\/\/www.aqwu.net\/wp\/?p=777"},"modified":"2022-10-19T04:04:57","modified_gmt":"2022-10-18T20:04:57","slug":"%e9%94%99%e8%af%af%e6%8a%a5%e5%91%8a-2022-%e5%b9%b4-9-%e6%9c%88%e7%89%88-fireeyetrellix","status":"publish","type":"post","link":"https:\/\/www.aqwu.net\/wp\/?p=777","title":{"rendered":"\u9519\u8bef\u62a5\u544a \u2014 2022 \u5e74 9 \u6708\u7248-fireeye(trellix)"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">\u6211\u4e3a\u4ec0\u4e48\u5728\u8fd9\u91cc\uff1f<\/h2>\n\n\n\n<p>\u6b22\u8fce\u56de\u5230 Bug \u62a5\u544a\uff0c\u4e0d\u8981\u7528\u811a\u8dbe\u5934\u5b58\u6839\u7248\u672c\uff01\u5bf9\u4e8e\u90a3\u4e9b\u4e0d\u719f\u6089\u6211\u4eec\u5728\u8fd9\u91cc\u505a\u4e8b\u7684\u4eba\uff0c<a href=\"https:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/research\/the-bug-report-august-2022-edition.html\">\u6bcf\u4e2a\u6708\u6211\u4eec\u90fd\u4f1a<\/a>\u5c06\u5f53\u6708\u7684\u9519\u8bef\u8fc7\u6ee4\u4e3a\u5c11\u6570\u51e0\u4e2a\u6700\u5173\u952e\u7684\u9519\u8bef\uff0c\u8fd9\u6837\u4f60\u5c31\u53ef\u4ee5\u7761\u89c9\uff0c\u544a\u8bc9\u4f60\u7684\u8001\u677f\u4f60\u4e00\u76f4\u5728\u505a\u54ea\u4e9b\u4f1f\u5927\u7684\u7814\u7a76\u3002<\/p>\n\n\n\n<p>\u539f\u6587\u94fe\u63a5\uff1ahttps:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/research\/the-bug-report-september-2022-edition.html<\/p>\n\n\n\n<p>\u9664\u4e86\u5c11\u6570\u4f8b\u5916\uff0c\u5bf9\u4e8e\u4e3b\u8981\u9519\u8bef\u6765\u8bf4\uff0c9\u6708\u662f\u4e00\u4e2a\u975e\u5e38\u53d7\u6b22\u8fce\u7684\u7f13\u6162\u6708\u4efd\u3002\u56e0\u6b64\uff0c\u6211\u4eec\u5c06\u7a0d\u5fae\u8d70\u51fa\u5e38\u89c4\uff0c\u5e76\u6db5\u76d6\u4e00\u4e9b\u53ef\u80fd\u4e0e\u67d0\u4e9b\u56e2\u961f\u6bd4\u5176\u4ed6\u56e2\u961f\u66f4\u76f8\u5173\u7684\u6f0f\u6d1e\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/research\/the-bug-report-september-2022-edition.html#CVE-2022-34721\">CVE-2022-34721 + CVE-2022-34718\uff1a <\/a><a href=\"https:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/research\/the-bug-report-september-2022-edition.html#CVE-2022-34721\">Windows IKE + TCP\/IP<\/a><\/li><li><a href=\"https:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/research\/the-bug-report-september-2022-edition.html#CVE-2022-32917\">CVE-2022-32917\uff1a<\/a><a href=\"https:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/research\/the-bug-report-september-2022-edition.html#CVE-2022-32917\">MacOS, iOS, and iPadOS<\/a><\/li><li><a href=\"https:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/research\/the-bug-report-september-2022-edition.html#CVE-2022-39197\">CVE-2022-39197\uff1a<\/a><a href=\"https:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/research\/the-bug-report-september-2022-edition.html#CVE-2022-39197\">Cobalt Strike<\/a><\/li><li><a href=\"https:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/research\/the-bug-report-september-2022-edition.html#CVE-2007-4559\">CVE-2007-4559\uff1a<\/a><a href=\"https:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/research\/the-bug-report-september-2022-edition.html#CVE-2007-4559\">Python<\/a><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><a>CVE-2022-34721 + CVE-2022-34718\uff1a\u56e0\u4e3a\u4e24\u4e2a\u603b\u662f\u6bd4\u4e00\u4e2a\u597d<\/a><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\u8fd9\u662f\u4ec0\u4e48\uff1f<\/h3>\n\n\n\n<p>\u867d\u7136\u6211\u4eec\u907f\u514d\u4e25\u683c\u57fa\u4e8eCVSS\u5206\u6570\u7684\u9519\u8bef\u62a5\u544a\uff0c\u4f469.8\u901a\u5e38\u4f1a\u5f15\u8d77\u6211\u4eec\u7684\u6ce8\u610f\u3002\u5728\u5fae\u8f6f\u7684\u4e5d\u6708\u8865\u4e01\u661f\u671f\u4e8c\u4e2d\uff0c\u6709\u51e0\u4e2a\u53ef\u4f9b\u9009\u62e9\uff0c\u4f46\u6709\u4e24\u4e2a\u4f3c\u4e4e\u7279\u522b\u91cd\u8981\u3002\u6211\u51b3\u5b9a\u5728\u4e00\u4e2a\u90e8\u5206\u5904\u7406\u4e24\u4e2a\u8865\u4e01\u661f\u671f\u4e8c\u7684\u9519\u8bef\uff0c\u56e0\u4e3a\u4e3a\u4ec0\u4e48\u4e0d\u5462\uff1f\u7b2c\u4e00\u4e2a\u662f\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801 IKE \u9519\u8bef CVE-2022-34721\u3002IKE \u6216\u56e0\u7279\u7f51\u5bc6\u94a5\u4ea4\u6362\u662f\u4e3a\u865a\u62df\u4e13\u7528\u7f51\u7edc\u4e2d\u4f7f\u7528\u7684&nbsp;<a href=\"https:\/\/www.cloudflare.com\/learning\/network-layer\/what-is-ipsec\/\" target=\"_blank\" rel=\"noreferrer noopener\">IPsec<\/a>&nbsp;\u8bbe\u7f6e\u5bc6\u94a5\u4ea4\u6362\u7684\u534f\u8bae\u3002\u4ece\u672c\u8d28\u4e0a\u8bb2\uff0c\u6240\u6709\u542f\u7528\u4e86 IPsec \u7684\u73b0\u4ee3 Windows \u7248\u672c\u90fd\u4f1a\u53d7\u5230\u5f71\u54cd\u3002\u4f60\u8fd8\u8bb0\u5f97\u4f60\u4e3a\u6240\u6709\u8bbe\u7f6eVPN\u7684\u5728\u5bb6\u5de5\u4f5c\u7684\u4eba\u5417\uff1f\u662f\u7684\uff0c\u8fd9\u4e9b\u662f\u4f60\u5e94\u8be5\u5173\u6ce8\u7684\u3002<\/p>\n\n\n\n<p>\u5f15\u8d77\u6211\u6ce8\u610f\u7684\u7b2c\u4e8c\u4e2a\u5468\u4e8c\u8865\u4e01\u65e5\u9519\u8bef\u662fCVE-2022-34718\uff0c\u53e6\u4e00\u4e2a9.8 RCE\u3002\u6b64\u6f0f\u6d1e\u5b58\u5728\u4e8e Windows TCP\/IP \u5806\u6808\u4e2d\uff0c\u4e0e CVE-2022-34721 \u4e00\u6837\uff0c\u5b83\u4f1a\u5f71\u54cd\u8fd0\u884c IPsec \u7684\u7cfb\u7edf\u3002\u53ea\u6709\u90a3\u4e9b\u8fd0\u884cIPv6\u7684\u4eba\u4f1a\u53d7\u5230\u5f71\u54cd\uff0c\u4f46\u4f60\u5fc5\u987b\u5b8c\u5168\u7981\u7528IPv6\u624d\u80fd\u7f13\u89e3\u5b83\u3002\u8fd9\u4e2abug\u6781\u6709\u53ef\u80fd\u662f\u53ef\u8815\u866b\u7684\uff0c\u6781\u6709\u53ef\u80fd\u88ab\u5229\u7528\uff0c\u5e76\u4e14\u6781\u6709\u53ef\u80fd\u5728\u91ce\u5916\u6709\u4e00\u4e2a\u6709\u6548\u7684PoC\u3002\u6211\u5982\u4f55\u77e5\u9053\u540e\u8005\uff1f\u56e0\u4e3aPoC\u5728Github\u4e0a\u6cc4\u9732\u5e76\u5f88\u5feb\u88ab\u7ba1\u7406\u5458\u5220\u9664\u3002\u7136\u800c\uff0c\u8fd9\u5e76\u4e0d\u662f\u5728\u4e00\u4e9b<a href=\"https:\/\/gitlab.com\/securitystuffbackup\/PoC-in-GitHub\/-\/tree\/master\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u81ea\u52a8\u5316\u7684PoC\u6536\u96c6\u5de5\u5177<\/a>\u53d1\u73b0\u5b83\u4e4b\u524d\u3002\u8ba4\u4e3a\u5728\u5220\u9664\u4e4b\u524d\u6ca1\u6709\u5176\u4ed6\u4eba\u5f97\u5230\u526f\u672c\u662f\u5929\u771f\u7684\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u8c01\u5728\u4e4e\u554a\uff1f<\/h3>\n\n\n\n<p>\u4f60\u5728\u89c6\u7a97\u4e0a\u4f7f\u7528VPN\u5417\uff1f\u8fd9\u610f\u5473\u7740\u4f60\u5e94\u8be5\u5173\u5fc3\u3002\u5982\u679c\u4f60\u8fd0\u884c\u7684\u662fIPv6\uff0c\u4f60\u5e94\u8be5\u52a0\u500d\u5c0f\u5fc3\u3002\u51e0\u4e4e\u6bcf\u4e2a\u6709\u8fdc\u7a0b\u5de5\u4f5c\u8005\u6216\u7ecf\u5e38\u65c5\u884c\u7684Windows\u5546\u5e97\u90fd\u5e94\u8be5\u5bc6\u5207\u5173\u6ce8\u8fd9\u4e00\u70b9\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u6211\u8be5\u600e\u4e48\u529e\uff1f<\/h3>\n\n\n\n<p>\u6b63\u5982\u6211\u4e4b\u524d\u6240\u8bf4\uff0c\u8fd9\u4e9b\u90fd\u662f\u6765\u81ea\u4e5d\u6708\u7684\u8865\u4e01\u661f\u671f\u4e8c\u3002\u5982\u679c\u4f60\u9700\u8981\u505a\u4efb\u4f55\u4e8b\u60c5\uff0c\u4f60\u5df2\u7ecf\u8fdf\u5230\u4e86\u4e00\u4e2a\u6708\u3002\u5c3d\u5feb\u83b7\u53d6\u8fd9\u4e9b\u8865\u4e01\uff01\u786e\u4fdd\u60a8\u7684\u7528\u6237\u662f\u6700\u65b0\u7684\uff0c\u5982\u679c\u4e0d\u662f\uff0c\u8bf7\u8d23\u9a82\u4ed6\u4eec\uff08\u5c3d\u53ef\u80fd\u597d\uff09\u3002\u6211\u660e\u767d\u4e86\uff0c\u6709\u65f6\u4f60\u4e0d\u80fd\u9a6c\u4e0a\u4fee\u8865\u3002\u4f46\u662f\uff0c\u6211\u4eec\u5728\u8fd9\u91cc\u8c08\u8bba\u7684\u662f\u4e00\u4e2a\u53ef\u8815\u866b\u7684\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684RCE\u9519\u8bef\uff0c\u5176\u4e2d\u5305\u542b\u6cc4\u6f0f\u7684PoC\u3002\u4e00\u4e2a\u6708\u592a\u957f\u4e86\uff0c\u7b49\u4e0d\u53ca\u4e86\uff01<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a>CVE-2022-32917\uff1a\u5982\u679c\u6211\u6bcf\u6b21\u90fd\u6709\u4e00\u4e2a\u82f9\u679c&#8230;<\/a><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\u8fd9\u662f\u4ec0\u4e48\uff1f<\/h3>\n\n\n\n<p>\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u901a\u5e38\u4e0d\u4f1a\u5f97\u5230\u5e94\u6709\u7684\u5173\u6ce8\u3002\u4e3a\u4ec0\u4e48\u4e0d\u5462\uff1f\u5b83\u4eec\u5bf9\u4e8e\u8bb8\u591a\u6076\u610f\u8f6f\u4ef6\u6d3b\u52a8\u81f3\u5173\u91cd\u8981\u3002\u6ca1\u9519\uff0c\u5b83\u4eec\u5e76\u4e0d\u50cfRCE\u90a3\u6837\u534e\u4e3d\uff0c\u4f46\u662f\u5982\u679c\u6ca1\u6709\u5b83\u4eec\uff0c\u8bb8\u591a\u5e7f\u544a\u7cfb\u5217\u548c\u6076\u610f\u8f6f\u4ef6\u5bb6\u65cf\u5c31\u4f1a\u5931\u8d25\u3002<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-32917\" target=\"_blank\" rel=\"noreferrer noopener\">\u4f7fCVE-2022-32917<\/a>\u6709\u8da3\u7684\u662f\u5b83\u4f1a\u5f71\u54cdMacOS\uff0ciOS\u548ciPadOS\u3002\u8fd9\u51e0\u4e4e\u6db5\u76d6\u4e86\u82f9\u679c\u81ed\u540d\u662d\u8457\u7684\u201c\u751f\u6001\u7cfb\u7edf\u201d\u4e2d\u7684\u6bcf\u53f0\u8bbe\u5907\u3002\u597d\u5427\uff0c\u4e5f\u8bb8\u4e0d\u662f\u82f9\u679c\u624b\u8868\uff0c\u4f46\u8fd9\u4e9b\u662f\u516c\u53f8\u7ba1\u7406\u7684\u5417\uff1f\u66f4\u7cdf\u7cd5\u7684\u662f\uff0c\u82f9\u679c\u516c\u53f8<a href=\"https:\/\/support.apple.com\/en-us\/HT213443\" target=\"_blank\" rel=\"noreferrer noopener\">\u627f\u8ba4<\/a>\u6709\u62a5\u9053\u79f0\uff0c\u6709\u62a5\u9053\u79f0\u5728\u91ce\u5916\u53d1\u751f\u88ad\u51fb\u4e8b\u4ef6\u3002\u76ee\u524d\u8fd8\u6ca1\u6709\u66f4\u591a\u7684\u4fe1\u606f\uff0c\u4f46\u662f\u6240\u6709Apple\u8bbe\u5907\u4e0a\u79ef\u6781\u5229\u7528\u7684\u5185\u6838\u6743\u9650\u5347\u7ea7\u5e94\u8be5\u4f1a\u5f00\u59cb\u60a8\u7684\u65e9\u6668\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u8c01\u5728\u4e4e\u554a\uff1f<\/h3>\n\n\n\n<p>\u82f9\u679c\u7528\u6237\u548c\u7ba1\u7406\u5b83\u4eec\u7684IT\u5546\u5e97\u5e94\u8be5\u5173\u5fc3\u3002\u60a8\u53ef\u4ee5\u786e\u5b9a\u7f51\u7edc\u72af\u7f6a\u5206\u5b50\u4f1a\u3002\u540c\u6837\uff0c\u8fd9\u662f\u88ab\u79ef\u6781\u5229\u7528\u7684\uff0c\u6240\u4ee5\u5982\u679c\u4f60\u6ca1\u6709\u4fee\u8865\uff0c\u4f60\u5df2\u7ecf\u843d\u540e\u4e86\u3002\u5b83\u4f1a\u5f71\u54cd\u5e38\u89c1\u7684 BYOD \u9879\u76ee\uff0c\u5982 iPhone\uff0c\u56e0\u6b64\u5bc6\u5c01\u53ef\u80fd\u4f1a\u6210\u4e3a\u4e00\u4e2a\u95ee\u9898\u3002\u4f17\u6240\u5468\u77e5\uff0c\u7528\u6237<em>\u59cb\u7ec8<\/em>\u4fdd\u6301\u5176\u8bbe\u5907\u5904\u4e8e\u6700\u65b0\u72b6\u6001\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u6211\u8be5\u600e\u4e48\u529e\uff1f<\/h3>\n\n\n\n<p>\u5982\u679c\u6ca1\u6709\u6709\u5173\u6f0f\u6d1e\u548c\u91ce\u5916\u6f0f\u6d1e\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u60a8\u552f\u4e00\u7684\u9009\u62e9\u5c31\u662f\u4fee\u8865\u3002iPadOS \u548c iOS \u5e94\u8fd0\u884c\u7248\u672c 15.7\uff08\u5bf9\u4e8e iOS\uff0c\u5e94\u8fd0\u884c\u7248\u672c\u4e3a 16\uff09\u3002MacOS \u5e94\u8fd0\u884c 11.7 \u6216 12.6\u3002\u9664\u6b64\u4e4b\u5916\uff1f\u5750\u4e0b\u6765\u7b49\u5f85\u3002\u7531\u4e8eApple\u77e5\u9053\u8fd9\u4e9b\u6f0f\u6d1e\uff0c\u6211\u4eec\u5e0c\u671b\u5c3d\u5feb\u770b\u5230\u67d0\u79cd\u5f62\u5f0f\u7684\u6587\u7ae0\u3002\u5b89\u5168\u7814\u7a76\u4eba\u5458\u5728\u62ab\u9732\u4ed6\u4eec\u7684\u53d1\u73b0\u4e4b\u524d\uff0c\u7ed9\u4e00\u4e9b\u65f6\u95f4\u6765\u5e94\u7528\u8865\u4e01\u5e76\u4e0d\u7f55\u89c1\u3002\u5728\u90a3\u4e4b\u524d\uff0c\u8865\u4e01\uff0c\u8865\u4e01\uff0c\u8865\u4e01\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a>CVE-2022-39197\uff1a9\u6708\uff0c\u8bf7\u4e0d\u8981\u9ed1\u5ba2\u653b\u51fb\u6708&#8230;<\/a><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\u8fd9\u662f\u4ec0\u4e48\uff1f<\/h3>\n\n\n\n<p>Cobalt Strike\u5bf9\u4e8e\u666e\u901a\u7684IT\u4e13\u4e1a\u4eba\u5458\u6765\u8bf4\u53ef\u80fd\u5e76\u4e0d\u719f\u6089\uff0c\u4f46\u5b83\u662f\u8bb8\u591a\u7ea2\u8272\u56e2\u961f\u7684\u9762\u5305\u548c\u9ec4\u6cb9\u30029 \u6708 20 \u65e5\uff0c\u90e8\u7f72\u4e86Cobalt Strike&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.cobaltstrike.com\/blog\/out-of-band-update-cobalt-strike-4-7-1\/\" target=\"_blank\">\u7684\u5e26\u5916\u8865\u4e01<\/a>\u4ee5\u4fee\u590d\u591a\u4e2a\u95ee\u9898\uff0c\u5305\u62ec&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-39197\" target=\"_blank\">CVE-2022-39197<\/a>\uff0c\u4e00\u4e2a\u8de8\u7ad9\u70b9\u811a\u672c \uff08XXS\uff09 \u6f0f\u6d1e\u3002\u901a\u5e38\uff0cXXS\u6f0f\u6d1e\u4e0d\u4f1a\u51fb\u4e2d\u6211\u4eec\u7684\u96f7\u8fbe\uff0c\u4f46\u90e8\u5206\u539f\u56e0\u662f\u6708\u4efd\u7f13\u6162\uff0c\u90e8\u5206\u539f\u56e0\u662f\u9ed1\u5ba2\u5e73\u53f0\u6f0f\u6d1e\u7684\u8bbd\u523a\u610f\u5473\uff0c\u8fd9\u5c31\u662f\u3002\u4ece\u672c\u8d28\u4e0a\u8bb2\uff0c\u4e0d\u826f\u884c\u4e3a\u8005\u53ef\u4ee5\u5728\u4fe1\u6807\u914d\u7f6e\u4e2d\u8bbe\u7f6e\u683c\u5f0f\u9519\u8bef\u7684\u7528\u6237\u540d\uff0c\u5e76\u5728Cobalt Strike\u670d\u52a1\u5668\u4e0a\u6267\u884c\u4ee3\u7801\u3002\u5728\u6211\u53d1\u73b0\u7684\u73b0\u6709<a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/xzajyjs\/CVE-2022-39197-POC\" target=\"_blank\">PoC\u4e2d<\/a>\uff0c\u5927\u591a\u6570\u53ea\u662f\u7528\u6765\u7528\u968f\u673a\u56fe\u50cf\u6765\u62d6\u66f3\u670d\u52a1\u5668\u3002\u90a3\u4e9b\u9760\u5251\u751f\u6d3b\u7684\u4eba\uff0c\u55ef\uff1f<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a href=\"https:\/\/www.trellix.com\/en-us\/img\/newsroom\/stories\/the-bug-report-september-2022-edition-2.jpg\"><img decoding=\"async\" src=\"https:\/\/www.trellix.com\/en-us\/img\/newsroom\/stories\/the-bug-report-september-2022-edition-2.jpg\" alt=\"Merci\uff0c l'ANSSI \uff08mais \u5728\u54ea\u91cc\u662f ze CVE \u53f7\u7801\uff09\"\/><\/a><\/figure>\n\n\n\n<p>\u56fe1\uff1a<a href=\"https:\/\/github.com\/xzajyjs\">https:\/\/www.cnblogs.com\/xzajyjs\/p\/16724512.html@xzajyjs<\/a>\u7684\u590d\u5236<a href=\"https:\/\/www.cnblogs.com\/xzajyjs\/p\/16724512.html\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u8c01\u5728\u4e4e\u554a\uff1f<\/h3>\n\n\n\n<p>\u5982\u679c\u60a8\u662f\u4e00\u5bb6\u5927\u516c\u53f8\uff0c\u5219\u53ef\u4ee5\u8058\u8bf7\u4e00\u4e2a\u7ea2\u8272\u56e2\u961f\u8fdb\u884c\u5b89\u5168\u8bc4\u4f30\u3002\u4e5f\u8bb8\u4f60\u751a\u81f3\u6709\u81ea\u5df1\u7684\u3002\u65e0\u8bba\u54ea\u79cd\u60c5\u51b5\uff0c\u8fd9\u4e9b\u7ea2\u961f\u90fd\u5e94\u8be5\u5173\u5fc3\uff0c\u56e0\u4e3a\u4ed6\u4eec\u4e2d\u6709\u5f88\u5927\u4e00\u90e8\u5206\u4f7f\u7528\u94b4\u6253\u51fb\u3002\u5bf9\u4e8e\u4efb\u4f55\u4f7f\u7528\u94b4\u7f62\u5de5\u7684\u7f51\u7edc\u72af\u7f6a\u5206\u5b50\uff0c\u60a8\u90fd\u4e0d\u5e94\u8be5\u5728\u610f\u3002\u5ffd\u7565\u8865\u4e01\u5e76\u4fdd\u7559\u65e7\u7684\u6613\u53d7\u653b\u51fb\u7684\u7248\u672c\uff0c\u4e00\u5207\u90fd\u4f1a\u597d\u8d77\u6765\u7684\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u6211\u8be5\u600e\u4e48\u529e\uff1f<\/h3>\n\n\n\n<p>\u786e\u4fdd\u60a8\u4f7f\u7528\u7684\u662f\u7248\u672c 4.7.1\u3002\u5728\u4f60\u7684\u670d\u52a1\u670d\u52a1\u5668.prop \u6587\u4ef6\u4e2d\uff0c\u4f60\u5e94\u8be5\u8bbe\u7f6e\u4e86limits.beacons_xssvalidated = True\u3002\u5982\u679c\u5c06\u5176\u8bbe\u7f6e\u4e3a&nbsp;False\uff0c\u5219\u8bf4\u660e\u60a8\u6709\u95ee\u9898\u3002\u5982\u679c\u60a8\u6b63\u5728\u4e0e\u7b2c\u4e09\u65b9\u8c08\u5224\u7ea2\u961f\uff0c\u8bf7\u8be2\u95ee\u4ed6\u4eec\u6253\u7b97\u4f7f\u7528\u54ea\u4e9b\u5de5\u5177\u548c\u7248\u672c\u3002\u6307\u5411\u6b64\u9519\u8bef\u62a5\u544a\u6216<a href=\"https:\/\/www.cobaltstrike.com\/blog\/out-of-band-update-cobalt-strike-4-7-1\/\" target=\"_blank\" rel=\"noreferrer noopener\">\u5b98\u65b9\u62ab\u9732<\/a>\uff0c\u5982\u679c\u4f60\u53d1\u73b0\u4ed6\u4eec\u6b63\u5728\u4f7f\u7528\u65e7\u7248\u672c\u7684\u94b4\u7f62\u5de5\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a>CVE-2007-4559\uff1a\u7b49\u7b49\uff0c2007\u5e74\uff1f\u8fd9\u662f\u9519\u522b\u5b57\u5417\uff1f<\/a><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">\u8fd9\u662f\u4ec0\u4e48\uff1f<\/h3>\n\n\n\n<p>\u8fd9\u4e0d\u662f\u9519\u522b\u5b57\u3002\u6211\u4eec\u5c06\u7528\u4e00\u4e2a<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2007-4559\" target=\"_blank\" rel=\"noreferrer noopener\">15\u5c81\u7684Python\u9519\u8bef<\/a>\u6765\u7ed3\u675f\u8fd9\u4e2a\u9519\u8bef\u62a5\u544a\uff0c\u8fd9\u4e2a\u9519\u8bef\u4e00\u76f4\u5728\u7ed9\u4e88\uff01\u5173\u4e8e\u8fd9\u4e2abug\u7684\u4e00\u4e9b\u65b0\u7814\u7a76\u5c06\u5176\u6f5c\u5728\u5f71\u54cd\u653e\u5728350\uff0c000\u591a\u4e2a\u5f00\u6e90\u5b58\u50a8\u5e93\u4e2d\u3002\u5b8c\u5168\u62ab\u9732\uff0c<a href=\"https:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/research\/limiting-the-software-supply-chain-attack-surface.html\">\u8fd9\u5c31\u662f\u6211\u4eec<\/a>\u3002\u5728\u6211\u4eec\u7684\u8fa9\u62a4\u4e2d\uff0c\u539f\u59cb\u9519\u8bef\u4e8e2007\u5e748\u670827\u65e5\u53d1\u5e03\uff0c\u8fd9<em>\u786e\u5b9e\u975e\u5e38\u63a5\u8fd1<\/em>2022\u5e749\u6708-\u7ed9\u6216\u82b115\u5e74\u3002\u90a3\u4e48\uff0c\u8fd9\u4e2a\u9519\u8bef\u6709\u4ec0\u4e48\u4f5c\u7528\u5462\uff1f\u4ece\u672c\u8d28\u4e0a\u8bb2\uff0c\u8fd9\u662f\u4e00\u4e2a\u76ee\u5f55\u904d\u5386\u9519\u8bef\uff0c\u5176\u4e2d\u4f7f\u7528&nbsp;tarfile.extract\uff08\uff09&nbsp;\u6216&nbsp;tarfile.extractall\uff08\uff09&nbsp;\u53ef\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u8986\u76d6\u7cfb\u7edf\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\uff0c\u8fd9\u751a\u81f3\u53ef\u80fd\u5bfc\u81f4<a href=\"https:\/\/www.trellix.com\/en-us\/about\/newsroom\/stories\/research\/tarfile-exploiting-the-world.html\" target=\"_blank\" rel=\"noreferrer noopener\">\u4ee3\u7801\u6267\u884c<\/a>\u3002\u8fd9\u662f\u4e00\u4e2a\u975e\u5e38\u5bb9\u6613\u72af\u7684\u9519\u8bef\uff0c\u56e0\u4e3a tarfile \u6a21\u5757\u7684\u9ed8\u8ba4\u884c\u4e3a\u548c\u6700\u76f4\u63a5\u7684\u5b9e\u73b0\u4f1a\u5bfc\u81f4\u6b64\u6f0f\u6d1e\u3002\u770b\u770b\u5b83\u6709\u591a\u7b80\u5355\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a href=\"https:\/\/www.trellix.com\/en-us\/img\/newsroom\/stories\/the-bug-report-september-2022-edition-3.jpg\"><img decoding=\"async\" src=\"https:\/\/www.trellix.com\/en-us\/img\/newsroom\/stories\/the-bug-report-september-2022-edition-3.jpg\" alt=\"\u56fe 2\uff1a\u6613\u53d7\u653b\u51fb\u7684\u63d0\u53d6\u5168\u90e8 \uff08\uff09\"\/><\/a><\/figure>\n\n\n\n<p>\u56fe 2\uff1a\u6613\u53d7\u653b\u51fb\u7684\u63d0\u53d6\u5168\u90e8 \uff08\uff09<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u8c01\u5728\u4e4e\u554a\uff1f<\/h3>\n\n\n\n<p>\u7f16\u5199Python\u4ee3\u7801\u6216\u4f7f\u7528Python\u5f00\u6e90\u8f6f\u4ef6\u7684\u5f00\u53d1\u4eba\u5458\u5e94\u8be5\u610f\u8bc6\u5230\u5b83\u53ca\u5176\u6d41\u884c\u3002\u4e3a\u4ec0\u4e48\u5b83\u5982\u6b64\u666e\u904d\uff1f\u56e0\u4e3a\u5bf9\u8fd9\u4e2a\u9519\u8bef\u7684\u56de\u5e94\u662f\u8b66\u544a\u5728\u5b98\u65b9\u6587\u6863\u4e2d\u4f7f\u7528\u4e0d\u53d7\u4fe1\u4efb\u7684tar\u6587\u4ef6\u7684\u5371\u9669\u3002\u5f53\u7136\uff0c\u6211\u4eec\u90fd\u9605\u8bfb\u4e86\u5b98\u65b9\u6587\u6863\uff0c\u5bf9\u5427\uff1f\u5927\u591a\u6570\u5f00\u53d1\u4eba\u5458\u8981\u4e48\u6ca1\u6709\u9605\u8bfb\u8b66\u544a\uff0c\u8981\u4e48\u5b8c\u5168\u5ffd\u7565\u4e86\u5b83\uff01\u73b0\u5728\uff0c\u6211\u5b8c\u5168\u8d5e\u6210\u5ffd\u7565\u70e6\u4eba\u7684\u4e8b\u60c5\uff0c\u4f46\u5b89\u5168\u8b66\u544a\u5e94\u8be5\u662f\u4e00\u4e2a\u4f8b\u5916\u3002\u8df3\u8fc715\u5e74\uff0c\u73b0\u5728\u5927\u591a\u6570\u4f7f\u7528tarfile\u7684\u5f00\u6e90\u8f6f\u4ef6\u5305\u90fd\u505a\u7740\u4e0d\u5b89\u5168\u7684\u4e8b\u60c5\uff0c\u5e76\u4e14\u53ef\u80fd\u5df2\u7ecf\u8fdb\u5165\u4e86\u60a8\u7684\u4f9b\u5e94\u94fe\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">\u6211\u8be5\u600e\u4e48\u529e\uff1f<\/h3>\n\n\n\n<p>\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u6211\u4eec\u6b63\u5728\u52aa\u529b\u4e3a\u60a8\u5b8c\u6210\u8270\u82e6\u7684\u5de5\u4f5c\u3002\u6211\u4eec\u4e00\u76f4\u5728\u52aa\u529b\u4fee\u8865\u5c3d\u53ef\u80fd\u591a\u7684\u8fd9\u4e9b\u5f00\u6e90\u9879\u76ee\u3002\u62c9\u53d6\u8bf7\u6c42\u57289\u6708\u4e0b\u65ec\u542f\u52a8\uff0c\u56e0\u6b64\u9879\u76ee\u7ef4\u62a4\u4eba\u5458\u53ef\u4ee5\u5c06\u8865\u4e01\u6dfb\u52a0\u5230\u4ed6\u4eec\u7684\u4ee3\u7801\u5e93\u4e2d\u3002\u5982\u679c\u60a8\u662f\u9879\u76ee\u7ef4\u62a4\u4eba\u5458\uff0c\u8bf7\u7559\u610f\u6211\u4eec\u7684\u62c9\u53d6\u8bf7\u6c42\u6216\u5c3d\u5feb\u7f16\u5199\u81ea\u5df1\u7684\u9632\u6c34\u5e03\u6d88\u6bd2\u8865\u4e01\u3002\u5982\u679c\u60a8\u662f\u5f00\u6e90\u8f6f\u4ef6\u7684\u7528\u6237\uff0c\u8bf7\u5728\u8f6f\u4ef6\u5305\u5e94\u7528\u8865\u4e01\u540e\u7acb\u5373\u66f4\u65b0\u8f6f\u4ef6\u5305\u3002\u4e0d\u662f\u6bcf\u4e2a\u9879\u76ee\u90fd\u4f1a\u88ab\u4fee\u8865\uff0c\u4e5f\u4e0d\u662f\u6bcf\u4e2a\u7ef4\u62a4\u8005\u90fd\u4f1a\u63a5\u53d7\u62c9\u53d6\u8bf7\u6c42\u3002\u5728\u8fd9\u4e9b\u60c5\u51b5\u4e0b\uff0c\u5bf9\u4e8e\u95ed\u6e90\u8f6f\u4ef6\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528&nbsp;<a href=\"https:\/\/github.com\/advanced-threat-research\/Creosote\" target=\"_blank\" rel=\"noreferrer noopener\">Creosote<\/a>&nbsp;\u7b49\u5de5\u5177\u626b\u63cf\u81ea\u5df1\u7684\u9879\u76ee\u3002\u5bf9\u4e8e\u4f60\u4eec\u8fd9\u4e9b\u5f00\u53d1\u4eba\u5458\u6765\u8bf4\uff0c\u73b0\u5728\u4f60\u4eec\u77e5\u9053\u4e86\u3002\u9605\u8bfb\u8b66\u544a\u3002\u4f60\u7684\u4ee3\u7801\u53ef\u80fd\u4f1a\u6301\u7eed\u4e00\u6bb5\u65f6\u95f4<em>\uff0c<\/em>\u6240\u4ee5\u8ba9\u6211\u4eec\u8ba9\u8fd9\u4e2a\u53e4\u8001\u7684\u9519\u8bef\u65e0\u6cd5\u518d\u5b58\u6d3b15\u5e74\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u6211\u4e3a\u4ec0\u4e48\u5728\u8fd9\u91cc\uff1f \u6b22\u8fce\u56de\u5230 Bug \u62a5\u544a\uff0c\u4e0d\u8981\u7528\u811a\u8dbe\u5934\u5b58\u6839\u7248\u672c\uff01\u5bf9\u4e8e\u90a3\u4e9b\u4e0d\u719f\u6089\u6211\u4eec\u5728\u8fd9\u91cc\u505a\u4e8b\u7684\u4eba\uff0c\u6bcf\u4e2a\u6708\u6211\u4eec\u90fd [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6,5,43,17],"tags":[14,173,156],"class_list":["post-777","post","type-post","status-publish","format-standard","hentry","category-fireeye","category-infosec","category-infoarticle","category-infonews","tag-fireeye","tag-fireeye-edr","tag-trellix"],"views":1714,"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/777","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=777"}],"version-history":[{"count":3,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/777\/revisions"}],"predecessor-version":[{"id":781,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/777\/revisions\/781"}],"wp:attachment":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=777"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=777"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=777"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}