绿盟科技互联网安全威胁周报 ——第201823周 Secer's Blog - 记录互联网安全历程与个人成长经历

绿盟科技发布了本周安全通告，周报编号NSFOCUS-18-23，绿盟科技漏洞库本周新增漏洞记录99条，其中高危漏洞5条。本次周报建议大家关注Git远程代码执行漏洞(CVE-2018-11235) 等，Git在实现上存在远程代码执行漏洞，该漏洞源于在用git clone时没有对submodule的文件夹命名做足够的验证。攻击者可以通过构造一个恶意的.gitmodules文件从而远程执行任意代码。目前厂商已经发布了升级补丁以修复这个安全问题，请用户及时到厂商主页下载更新。

文章目录

焦点漏洞

Git远程代码执行漏洞
NSFOCUS ID
- 39932
CVE ID
- CVE-2018-11235
受影响版本
- GIT < 2.13.7
- GIT 2.17.x < 2.17.1
- GIT 2.16.x < 2.16.4
- GIT 2.15.x < 2.15.2
- GIT 2.14.x < 2.14.4
漏洞点评
- Git是一套免费、开源的分布式版本控制系统。Git在实现上存在远程代码执行漏洞，该漏洞源于在用git clone时没有对submodule的文件夹命名做足够的验证，当用户在使用“git clone –recurse-submodules”时, 攻击者可以通过构造一个恶意的.gitmodules文件从而远程执行任意代码。目前厂商已经发布了升级补丁以修复这个安全问题，请用户及时到厂商主页下载更新。

（数据来源：绿盟科技安全研究部&产品规则组）

一. 互联网安全威胁态势

1.1 CVE统计

最近一周CVE公告总数与前期相比基本持平。

1.2 威胁信息回顾

标题：Confirmed—Microsoft Buys GitHub For $7.5 Billion
- 时间：2018-06-03
- 简介：For those unaware, GitHub is a popular code repository hosting service that allows developers to host their projects, documentation, and code in the cloud using the popular Git source management system, invented in 2005 by Linux founder Linus Torvalds
- 链接：https://thehackernews.com/2018/06/microsoft-acquires-github.html
标题：Zip Slip漏洞可导致RCE 多个语言库受影响 JAVA影响最大含POC
- 时间：2018-06-06
- 摘要：Zip Slip漏洞“任意文件覆盖”和“目录遍历”问题的结合，可能导致攻击者可以将文件解压缩到正常解压缩路径之外并覆盖敏感文件，如关键OS库或服务器配置文件。
- 链接： http://toutiao.secjia.com/article/page?topid=110275
标题：Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon2 Exploit
- 时间：2018-06-04
- 简介：Hundreds of thousands of websites running on the Drupal CMS—including those of major educational institutions and government organizations around the world—have been found vulnerable to a highly critical flaw for which security patches were released almost two months ago
- 链接：https://thehackernews.com/2018/06/drupalgeddon2-exploit.html
标题：Adobe Flash修复0day漏洞发布新版本请用户及时更新
- 时间：2018-06-08
- 摘要：近期，研究人员发发现Adobe Flash存在一个0day漏洞CVE-2018-5002，它可以被攻击者利用进行任意代码执行，Adobe确认漏洞可以针对Windows用户进行0day攻击。Adobe已针对本次漏洞发布了最新版本，请用户及时更新。
- 链接： http://toutiao.secjia.com/article/page?topid=110299
标题：你的Android系统该更新了谷歌修补了57个Andorid高危漏洞
- 时间：2018-06-07
- 摘要：谷歌在周一修补了57个Andorid漏洞，其中包括两个高危的远程代码执行漏洞，都与Andorid媒体框架有关，各手机厂商先后提供补丁。谷歌表示，Pixel和Nexus设备将于周一开始接受无线更新。大约需要一周半的时间才能将更新发送到所有的Nexus设备
- 链接： http://toutiao.secjia.com/article/page?topid=110282
标题：92 million MyHeritage email addresses found on private server
- 时间：2018-06-05
- 简介：In a disclosure notice, MyHeritage said 92 million email addresses and hashed passwords were discovered on a private server. Is this the first post-GDPR data breach?
- 链接：https://www.csoonline.com/article/3278595/security/92-million-myheritage-email-addresses-found-on-private-server.html#tk.rss_all
标题：Facebook bug changed 14 million users’ default privacy settings to public
- 时间：2018-06-07
- 简介：Facebook admits as many as 14 millions of its users who thought they’re sharing content privately with only friends may have inadvertently shared their posts with everyone because of a software bug
- 链接：https://thehackernews.com/2018/06/facebook-privacy-setting.html
标题：Facebook protests against NYT’s privacy breach claim
- 时间：2018-06-04
- 简介：Facebook has rejected claims by the New York Times that its sharing of personal data with smartphone firms represented a breach of privacy pledges that it had made to its members and a US regulator.
- 链接：https://www.bbc.com/news/technology-44355560
标题：Apple jams Facebook’s web-tracking tools
- 时间：2018-06-04
- 简介：Apple will attempt to frustrate tools used by Facebook to automatically track web users, within the next version of its iOS and Mac operating systems.
- 链接：https://www.bbc.com/news/technology-44360273
标题：Marcus Hutchins, WannaCry-killer, hit with four new charges by the FBI
- 时间：2018-06-07
- 简介：Marcus Hutchins, the British malware analyst who helped stop global Wannacry menace, is now facing four new charges related to malware he allegedly created and promoted it online to steal financial information
- 链接：https://thehackernews.com/2018/06/marcus-hutchins-malware.html

（数据来源：绿盟科技威胁情报与网络安全实验室收集整理）

二. 漏洞研究

2.1 漏洞库统计

截止到2018年6月8日，绿盟科技漏洞库已收录总条目达到40038条。本周新增漏洞记录99条，其中高危漏洞数量5条，中危漏洞数量28条，低危漏洞数量66条。

Espruino jsparse.c拒绝服务漏洞(CVE-2018-11597)
- 危险等级:中
- cve编号:CVE-2018-11597
Espruino jswrap_graphics.c拒绝服务漏洞(CVE-2018-11592)
- 危险等级:中
- cve编号:CVE-2018-11592
Espruino jslex.c拒绝服务漏洞(CVE-2018-11593)
- 危险等级:中
- cve编号:CVE-2018-11593
Espruino jsparse.c拒绝服务漏洞(CVE-2018-11594)
- 危险等级:中
- cve编号:CVE-2018-11594
Espruino strncat拒绝服务漏洞(CVE-2018-11595)
- 危险等级:中
- cve编号:CVE-2018-11595
Espruino jsvar.c拒绝服务漏洞(CVE-2018-11596)
- 危险等级:中
- cve编号:CVE-2018-11596
Git 信息泄露漏洞(CVE-2018-11233)
- 危险等级:高
- cve编号:CVE-2018-11233
Quest DR Series Disk Backup权限提升漏洞(CVE-2018-11193)
- 危险等级:低
- cve编号:CVE-2018-11193
Quest DR Series Disk Backup权限提升漏洞(CVE-2018-11194)
- 危险等级:低
- cve编号:CVE-2018-11194
LibSaas Sass::Inspect::operator拒绝服务漏洞(CVE-2018-11696)
- 危险等级:低
- cve编号:CVE-2018-11696
LibSaas Sass::Prelexer::exactly() 信息泄露漏洞(CVE-2018-11697)
- 危险等级:低
- cve编号:CVE-2018-11697
LibSaas Sass::handle_error信息泄露漏洞(CVE-2018-11698)
- 危险等级:低
- cve编号:CVE-2018-11698
LibSaas Sass::Prelexer::skip_over_scopes信息泄露漏洞(CVE-2018-11693)
- 危险等级:低
- cve编号:CVE-2018-11693
LibSaas Sass::Functions::selector_append拒绝服务漏洞(CVE-2018-11694)
- 危险等级:低
- cve编号:CVE-2018-11694
LibSaas Sass::Expand::operator 拒绝服务漏洞(CVE-2018-11695)
- 危险等级:低
- cve编号:CVE-2018-11695
Liblouis栈缓冲区溢出漏洞(CVE-2018-11683)
- 危险等级:中
- cve编号:CVE-2018-11683
Liblouis栈缓冲区溢出漏洞(CVE-2018-11684)
- 危险等级:中
- cve编号:CVE-2018-11684
Liblouis栈缓冲区溢出漏洞(CVE-2018-11685)
- 危险等级:中
- cve编号:CVE-2018-11685
Natus Medical 拒绝服务漏洞(CVE-2017-2860)
- 危险等级:高
- cve编号:CVE-2017-2860
Mozilla Thunderbird 信息泄露漏洞(CVE-2018-5162)
- 危险等级:中
- cve编号:CVE-2018-5162
Mozilla Thunderbird 信息泄露漏洞(CVE-2018-5184)
- 危险等级:中
- cve编号:CVE-2018-5184
Mozilla Thunderbird 信息泄露漏洞(CVE-2018-5185)
- 危险等级:中
- cve编号:CVE-2018-5185
Natus Medical 缓冲区错误漏洞(CVE-2017-2858)
- 危险等级:高
- cve编号:CVE-2017-2858
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11182)
- 危险等级:低
- cve编号:CVE-2018-11182
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11183)
- 危险等级:低
- cve编号:CVE-2018-11183
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11185)
- 危险等级:低
- cve编号:CVE-2018-11185
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11186)
- 危险等级:低
- cve编号:CVE-2018-11186
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11184)
- 危险等级:低
- cve编号:CVE-2018-11184
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11187)
- 危险等级:低
- cve编号:CVE-2018-11187
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11188)
- 危险等级:低
- cve编号:CVE-2018-11188
Quest DR Series Disk Backup权限提升漏洞(CVE-2018-11189)
- 危险等级:低
- cve编号:CVE-2018-11189
Quest DR Series Disk Backup权限提升漏洞(CVE-2018-11190)
- 危险等级:低
- cve编号:CVE-2018-11190
Quest DR Series Disk Backup权限提升漏洞(CVE-2018-11191)
- 危险等级:低
- cve编号:CVE-2018-11191
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11143)
- 危险等级:低
- cve编号:CVE-2018-11143
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11145)
- 危险等级:低
- cve编号:CVE-2018-11145
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11144)
- 危险等级:低
- cve编号:CVE-2018-11144
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11148)
- 危险等级:低
- cve编号:CVE-2018-11148
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11147)
- 危险等级:低
- cve编号:CVE-2018-11147
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11146)
- 危险等级:低
- cve编号:CVE-2018-11146
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11150)
- 危险等级:低
- cve编号:CVE-2018-11150
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11149)
- 危险等级:低
- cve编号:CVE-2018-11149
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11152)
- 危险等级:低
- cve编号:CVE-2018-11152
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11151)
- 危险等级:低
- cve编号:CVE-2018-11151
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11153)
- 危险等级:低
- cve编号:CVE-2018-11153
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11155)
- 危险等级:低
- cve编号:CVE-2018-11155
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11154)
- 危险等级:低
- cve编号:CVE-2018-11154
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11157)
- 危险等级:低
- cve编号:CVE-2018-11157
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11156)
- 危险等级:低
- cve编号:CVE-2018-11156
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11160)
- 危险等级:低
- cve编号:CVE-2018-11160
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11159)
- 危险等级:低
- cve编号:CVE-2018-11159
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11158)
- 危险等级:低
- cve编号:CVE-2018-11158
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11161)
- 危险等级:低
- cve编号:CVE-2018-11161
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11163)
- 危险等级:低
- cve编号:CVE-2018-11163
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11162)
- 危险等级:低
- cve编号:CVE-2018-11162
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11165)
- 危险等级:低
- cve编号:CVE-2018-11165
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11164)
- 危险等级:低
- cve编号:CVE-2018-11164
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11166)
- 危险等级:低
- cve编号:CVE-2018-11166
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11167)
- 危险等级:低
- cve编号:CVE-2018-11167
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11168)
- 危险等级:低
- cve编号:CVE-2018-11168
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11170)
- 危险等级:低
- cve编号:CVE-2018-11170
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11169)
- 危险等级:低
- cve编号:CVE-2018-11169
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11173)
- 危险等级:低
- cve编号:CVE-2018-11173
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11172)
- 危险等级:低
- cve编号:CVE-2018-11172
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11171)
- 危险等级:低
- cve编号:CVE-2018-11171
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11174)
- 危险等级:低
- cve编号:CVE-2018-11174
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11175)
- 危险等级:低
- cve编号:CVE-2018-11175
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11176)
- 危险等级:低
- cve编号:CVE-2018-11176
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11177)
- 危险等级:低
- cve编号:CVE-2018-11177
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11180)
- 危险等级:低
- cve编号:CVE-2018-11180
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11179)
- 危险等级:低
- cve编号:CVE-2018-11179
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11178)
- 危险等级:低
- cve编号:CVE-2018-11178
Quest DR Series Disk Backup命令注入漏洞(CVE-2018-11181)
- 危险等级:低
- cve编号:CVE-2018-11181
Quest DR Series Disk Backup权限提升漏洞(CVE-2018-11192)
- 危险等级:低
- cve编号:CVE-2018-11192
Apple iOS/macOS inkPresentation安全漏洞(CVE-2018-4187)
- 危险等级:低
- cve编号:CVE-2018-4187
Apple iOS/macOS Crash Reporter拒绝服务漏洞(CVE-2018-4206)
- 危险等级:中
- cve编号:CVE-2018-4206
Eclipse Mosquitto Broker拒绝服务漏洞(CVE-2017-7653)
- 危险等级:中
- cve编号:CVE-2017-7653
Eclipse Mosquitto Broker内存泄露漏洞(CVE-2017-7654)
- 危险等级:中
- cve编号:CVE-2017-7654
ISC BIND 远程拒绝服务漏洞(CVE-2018-5737)
- 危险等级:低
- cve编号:CVE-2018-5737
Linux Kernel本地拒绝服务漏洞(CVE-2018-1120)
- 危险等级:低
- BID:104229
- cve编号:CVE-2018-1120
Symantec Content Analysis/Mail Transfer Defense跨站请求伪造漏洞(CVE-2016-9092)
- 危险等级:中
- BID:104182
- cve编号:CVE-2016-9092
Adobe Acrobat和Reader任意代码执行漏洞(CVE-2018-4971)
- 危险等级:高
- BID:104169
- cve编号:CVE-2018-4971
Apache Storm 欺骗漏洞(CVE-2018-1332)
- 危险等级:中
- cve编号:CVE-2018-1332
Apache Storm 任意文件写漏洞(CVE-2018-8008)
- 危险等级:中
- cve编号:CVE-2018-8008
IBM InfoSphere Information Server权限提升漏洞(CVE-2017-1350)
- 危险等级:高
- cve编号:CVE-2017-1350
IBM InfoSphere Information Server跨站请求伪造漏洞(CVE-2017-1432)
- 危险等级:低
- cve编号:CVE-2017-1432
IBM InfoSphere Information Server信息泄露漏洞(CVE-2017-1454)
- 危险等级:低
- cve编号:CVE-2017-1454
IBM Security Access Manager Appliance信息泄露漏洞(CVE-2017-1474)
- 危险等级:低
- cve编号:CVE-2017-1474
IBM Security Access Manager Appliance信息泄露漏洞(CVE-2017-1476)
- 危险等级:低
- cve编号:CVE-2017-1476
IBM Security Access Manager Appliance信息泄露漏洞(CVE-2017-1480)
- 危险等级:低
- cve编号:CVE-2017-1480
ManageEngine Applications Manager Java RMI 远程代码执行漏洞(CVE-2016-9498)
- 危险等级:中
- BID:97394
- cve编号:CVE-2016-9498
ManageEngine Applications Manager SQL注入漏洞(CVE-2016-9488)
- 危险等级:中
- BID:97394
- cve编号:CVE-2016-9488
ManageEngine Applications Manager权限提升漏洞(CVE-2016-9489)
- 危险等级:中
- BID:97394
- cve编号:CVE-2016-9489
ManageEngine Applications Manager XML eXternal实体漏洞(CVE-2016-9491)
- 危险等级:中
- BID:97394
- cve编号:CVE-2016-9491
ManageEngine Applications Manager跨站脚本漏洞(CVE-2016-9490)
- 危险等级:中
- BID:97394
- cve编号:CVE-2016-9490
WUZHI CMS SQL注入漏洞(CVE-2018-11722)
- 危险等级:中
- cve编号:CVE-2018-11722
The Sleuth Kit (TSK)信息泄露漏洞(CVE-2018-11740)
- 危险等级:中
- cve编号:CVE-2018-11740
The Sleuth Kit (TSK)信息泄露漏洞(CVE-2018-11739)
- 危险等级:中
- cve编号:CVE-2018-11739
The Sleuth Kit (TSK)信息泄露漏洞(CVE-2018-11738)
- 危险等级:中
- cve编号:CVE-2018-11738
The Sleuth Kit (TSK)信息泄露漏洞(CVE-2018-11737)
- 危险等级:中
- cve编号:CVE-2018-11737