Korea Consortium of CERTs (CONCERT)
Information sharing on the Chinese Honker Union's announced 3/28 attack on Korean websites
Secretariat   Administrator   2017-03-22

There were reports that the Chinese hacker group Honker Union had posted a plan for large-scale hacking of Korean sites and was recruiting hackers for it.

Subsequently, according to CNSecurity, which specializes in Chinese cybersecurity trends, the site on which this post appeared is not the official Honker Union site.

(See the article below for details)
http://www.dailysecu.com/?mod=news&act=articleView&idxno=19171

As with Anonymous's OpKorea in 2014, this is most likely someone impersonating the Honker Union, but full preparation is still advisable, such as remediating vulnerabilities that have already been disclosed.


The Secretariat has obtained the hacking tools said to be distributed by the Honker Union.
Because the CONCERT HotLine mailing list also includes non-member companies, we judged that distributing the tools by group mail would be inappropriate, so we are not sharing them here.
However, if you need them for internal analysis, request them at info@concert.or.kr and we will share them after verification.

御剑 (SQL injection tool)
椰树 (SQL injection, XSS tool)
挖掘鸡 (SQL injection tool)
明小子综合注入 (SQL injection tool)
超级SQL注入 (SQL injection tool)
啊D (SQL injection tool)
web漏洞扫描器 v1.0 (web vulnerability scanner)


Since last month, attacks originating from China that exploit the Apache Struts2 vulnerability have been occurring continuously, and after KISA's notice on CVE-2017-5638 a new attack method with a changed attack vector has appeared.
IBM X-Force has also recommended blocking the following IP addresses as indicators of attacks exploiting this vulnerability.

Indicators
 202.194.207.101
 222.175.103.114
 192.161.172.197
 120.76.41.162
 58.251.130.173
 145.17.204.44
 31.210.47.92
 43.246.208.97
 114.242.82.105
 59.149.158.27
 198.202.241.40
 192.161.172.203
 218.245.0.40
 112.11.105.28
 219.151.7.149
 61.188.38.140
 111.3.155.20
 116.247.101.34
 123.184.19.157
 222.135.204.11
 59.33.252.248
 222.186.58.138
 185.117.72.44
 113.16.135.130
 59.33.252.247
 59.33.252.249
 192.161.172.201
 59.33.252.250
 223.255.145.158
 59.33.252.252
 59.33.252.251

Source: https://exchange.xforce.ibmcloud.com/collection/Apache-Struts-2-Attack-Campaign-adc572fb5f587f2159698fc38a26a2ca


==============================================================
KISA Security Notice

Apache Struts Remote Code Execution Vulnerability Update Advisory 2017.03.07


□ Overview
 o A security update has been released that fixes a vulnerability in Apache Struts allowing arbitrary code execution [1]
 o Administrators of servers running a vulnerable version are advised to update to the latest version per the remediation below

□ Details
 o When a file upload is handled by the Jakarta Multipart parser, a tampered Content-Type header in the HTTP request
   allows remote code execution (CVE-2017-5638)

□ Affected products and versions
 o Apache Struts 2.3.5 through 2.3.31
 o Apache Struts 2.5 through 2.5.10
   ※ To check the version: look at the version of /WEB-INF/lib/struts2-core-x.x.x.jar under the web application

□ Remediation
 o Update to a version in which the vulnerability is fixed
   - Apache Struts 2.3.32 [2]
   - Apache Struts 2.5.10.1 [3]
 o Apply strict filtering to the Content-Type header and reject OGNL expressions in it
 o Delete the commons-fileupload-x.x.x.jar file
   ※ Deleting this file disables the upload function

□ Other inquiries
 o KISA Internet Incident Response Center: 118 (no area code needed)

 [References]
  [1] https://cwiki.apache.org/confluence/display/WW/S2-045
  [2] https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.32
  [3] https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.10.1
 
 =======================================================

Caution: Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638, S2-046)

Another remote code execution vulnerability similar to S2-045 has recently been found.

Vulnerability overview

A malicious Content-Disposition value or an improper Content-Length header can be used to execute code remotely. The vulnerability is related to S2-045 but uses a different attack vector: in the PoC below, the oversized Content-Length makes the upload fail, and the file name is then echoed into the error message that Struts evaluates as an OGNL expression.

CVE number

CVE-2017-5638


PoC

POST /doUpload.action HTTP/1.1
Host: localhost:8080
Content-Length: 10000000
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAnmUgTEhFhOZpr9z
Connection: close

------WebKitFormBoundaryAnmUgTEhFhOZpr9z
Content-Disposition: form-data; name="upload"; filename="%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Test','Kaboom')}"
Content-Type: text/plain

Kaboom
------WebKitFormBoundaryAnmUgTEhFhOZpr9z--
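The following Python script is an added example written for this page (it is not CONCERT, KISA, Apache or ALYac code). It ties together three items above: the X-Force indicator list, KISA's recommendation to filter Content-Type strictly, and the S2-046 PoC. It parses a raw multipart request, flags an OGNL expression in Content-Type (the S2-045 vector) or in a part's Content-Disposition file name (the S2-046 vector), flags a declared Content-Length above the Struts default struts.multipart.maxSize of 2 MB (the condition the PoC relies on), and notes whether the client address is on the indicator list. The sample requests are constructed: the PoC above with proper CRLF framing, plus a benign upload for contrast; the 2 MB limit, the OGNL token set and the indicator subset are assumptions drawn from the Struts defaults and the list above.

```python
# Check a raw HTTP request for the Struts S2-045 / S2-046 vectors. Added example
# for this post; not code from CONCERT, KISA, Apache or ALYac.
import re

# Subset of the IBM X-Force indicator list quoted above (assumption: a real
# deployment loads the full collection).
INDICATORS = {
    "202.194.207.101", "222.175.103.114", "192.161.172.197",
    "59.33.252.248", "222.186.58.138", "185.117.72.44",
}

# Tokens that mark an OGNL expression in a header value. Both advisories hinge
# on "%{...}" being evaluated when Struts renders an error message.
OGNL_RE = re.compile(rb"%\{|\$\{|#_memberAccess|#context\b")

# Struts default struts.multipart.maxSize (2 MB). An S2-046 request declares a
# larger Content-Length so the upload fails and the file name is evaluated.
MULTIPART_MAX_SIZE = 2 * 1024 * 1024


def parse_headers(block: bytes) -> dict:
    """Turn 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in block.split(b"\r\n"):
        if b":" in line:
            name, value = line.split(b":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def parse_request(raw: bytes):
    """Split a raw request into (request line, header dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, _, header_block = head.partition(b"\r\n")
    return request_line, parse_headers(header_block), body


def multipart_parts(headers: dict, body: bytes):
    """Yield the header dict of each part of a multipart/form-data body."""
    match = re.search(rb"boundary=([^;\s]+)", headers.get(b"content-type", b""))
    if not match:
        return
    delimiter = b"--" + match.group(1).strip(b'"')
    for chunk in body.split(delimiter)[1:]:
        if chunk.startswith(b"--"):          # closing delimiter reached
            break
        part_head, _, _ = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        yield parse_headers(part_head)


def check_struts_request(raw: bytes, client_ip: str) -> list:
    """Return the findings for one request; an empty list means nothing seen."""
    findings = []
    _, headers, body = parse_request(raw)
    ctype = headers.get(b"content-type", b"")
    # S2-045: the expression replaces the Content-Type value itself.
    if OGNL_RE.search(ctype):
        findings.append("S2-045: OGNL expression in Content-Type")

    # S2-046: a real multipart request, oversized, with the expression in a
    # part's Content-Disposition filename.
    if ctype.lower().startswith(b"multipart/form-data"):
        declared = int(headers.get(b"content-length", b"0"))
        if declared > MULTIPART_MAX_SIZE:
            findings.append(f"S2-046: Content-Length {declared} exceeds multipart limit")
        for part in multipart_parts(headers, body):
            if OGNL_RE.search(part.get(b"content-disposition", b"")):
                findings.append("S2-046: OGNL expression in Content-Disposition filename")
                break

    if client_ip in INDICATORS:
        findings.append(f"source {client_ip} is on the X-Force indicator list")
    return findings


# Constructed sample: the S2-046 PoC quoted above with the CRLF framing an HTTP
# client actually sends, arriving from an address on the indicator list.
POC_REQUEST = (
    b"POST /doUpload.action HTTP/1.1\r\nHost: localhost:8080\r\n"
    b"Content-Length: 10000000\r\n"
    b"Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAnmUgTEhFhOZpr9z\r\n"
    b"Connection: close\r\n\r\n"
    b"------WebKitFormBoundaryAnmUgTEhFhOZpr9z\r\n"
    b'Content-Disposition: form-data; name="upload"; filename="%{#context'
    b"['com.opensymphony.xwork2.dispatcher.HttpServletResponse']"
    b".addHeader('X-Test','Kaboom')}\"\r\n"
    b"Content-Type: text/plain\r\n\r\nKaboom\r\n"
    b"------WebKitFormBoundaryAnmUgTEhFhOZpr9z--\r\n"
)

# Constructed sample: an ordinary upload, for contrast.
BENIGN_REQUEST = (
    b"POST /doUpload.action HTTP/1.1\r\nHost: localhost:8080\r\n"
    b"Content-Length: 162\r\nContent-Type: multipart/form-data; boundary=AaB03x\r\n\r\n"
    b"--AaB03x\r\n"
    b'Content-Disposition: form-data; name="upload"; filename="report.txt"\r\n'
    b"Content-Type: text/plain\r\n\r\nquarterly numbers\r\n"
    b"--AaB03x--\r\n"
)

if __name__ == "__main__":
    for ip, req in (("59.33.252.248", POC_REQUEST), ("10.0.0.5", BENIGN_REQUEST)):
        print(ip, check_struts_request(req, ip) or "clean")
```

Run as a script it prints three findings for the PoC and "clean" for the benign upload; an S2-045 request, where the whole Content-Type value is the expression, is caught by the first check. The two header tests are what "strict filtering of Content-Type" amounts to at a reverse proxy or WAF: a request whose Content-Type is not a plain multipart/form-data with a boundary, or whose part file names contain %{ or ${, has no legitimate reason to reach Struts. The Content-Length comparison is a cheap extra signal, not a substitute for upgrading.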


Remediation

1) Update to Apache Struts 2.3.32 or 2.5.10.1
(▶ See: Struts 2.3.32 update, Struts 2.5.10.1 update)

2) If you cannot update and are running Apache Struts 2.3.8 – 2.5.5 (Jakarta multipart parser) or 2.3.20 – 2.5.5 (Jakarta stream multipart parser), use the newly developed plugin
(▶ See: https://github.com/apache/struts-extras)

3) If you cannot update and are running Struts 2.5.8 – 2.5.10, remove the File Upload Interceptor from the interceptor stack: define your own stack without it and set it as the default
(▶ See: https://cwiki.apache.org/confluence/display/WW/How+do+we+configure+an+Interceptor+to+be+used+with+every+Action)

References:
https://cwiki.apache.org/confluence/display/WW/S2-045
https://cwiki.apache.org/confluence/display/WW/S2-046
https://community.hpe.com/t5/Security-Research/Struts2-046-A-new-vector/ba-p/6949723#.WNAr_RLyvpR


Source: http://blog.alyac.co.kr/1025 [ALYac official blog]

==============================================================
