严重 Windows SMBv3 客户端/服务器远程代码执行漏洞
CVE编号
CVE-2020-0796利用情况
EXP 已公开补丁情况
官方补丁披露时间
2020-03-12漏洞描述
2020年3月11日,阿里云应急响应中心监测到微软官方发布安全公告,披露某些Windows版本的SMBv3协议实现压缩功能存在一处远程代码执行漏洞。成功利用该漏洞的攻击者可以在目标SMB服务器或SMB客户端上执行代码。目前微软官方已提供安全补丁,并提供了无需安装补丁的缓解措施。 漏洞描述 针对SMBv3服务器,攻击者可以将特制的数据包发送到SMB服务器来触发漏洞。若要针对SMBv3客户端,攻击者需要配置好一个恶意的SMB服务器,并诱使用户连接该服务器。另据国外安全媒体报道,该漏洞(CVE-2020-0796)具有蠕虫特性。漏洞只影响Windows 10系统和Server 1903、1909系统版本,不影响主流的Windows Server 2008/2012/2016/2019系统,整体风险较低。解决建议
前往微软官方下载相应补丁进行更新: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 。受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | microsoft | windows_10 | 1903 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | microsoft | windows_10 | 1909 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | microsoft | windows_server_2016 | 1903 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | microsoft | windows_server_2016 | 1909 | - | |||||
- 攻击路径 远程
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 全局影响
- EXP成熟度 EXP 已公开
- 补丁情况 官方补丁
- 数据保密性 数据泄露
- 数据完整性 传输被破坏
- 服务器危害 服务器失陷
- 全网数量 N/A
| CWE-ID | 漏洞类型 |
| CWE-119 | 内存缓冲区边界内操作的限制不恰当 |
| CWE-20 | 输入验证不恰当 |
Exp相关链接
- https://github.com//danigargu/CVE-2020-0796
- https://github.com/0xtobu/CVE-2020-0796
- https://github.com/1060275195/SMBGhost
- https://github.com/5l1v3r1/CVE-2020-0796-PoC-and-Scan
- https://github.com/AaronWilsonGrylls/CVE-2020-0796-POC
- https://github.com/Aekras1a/CVE-2020-0796-PoC
- https://github.com/alexa872/CVE-2020-0796
- https://github.com/Almorabea/SMBGhost-LPE-Metasploit-Module
- https://github.com/Almorabea/SMBGhost-WorkaroundApplier
- https://github.com/aloswoya/CVE-2020-0796-cobaltstrike-cna
- https://github.com/awareseven/eternalghosttest
- https://github.com/bacth0san96/SMBGhostScanner
- https://github.com/Barriuso/SMBGhost_AutomateExploitation
- https://github.com/BinaryShadow94/SMBv3.1.1-scan---CVE-2020-0796
- https://github.com/ButrintKomoni/cve-2020-0796
- https://github.com/codewithpradhan/SMBGhost-CVE-2020-0796-
- https://github.com/cory-zajicek/CVE-2020-0796-DoS
- https://github.com/danigargu/CVE-2020-0796
- https://github.com/datntsec/CVE-2020-0796
- https://github.com/Dhoomralochana/Scanners-for-CVE-2020-0796-Testing
- https://github.com/dickens88/cve-2020-0796-scanner
- https://github.com/DreamoneOnly/CVE-2020-0796-LPE
- https://github.com/eastmountyxz/CVE-2020-0796-SMB
- https://github.com/eerykitty/CVE-2020-0796-PoC
- https://github.com/exp-sky/CVE-2020-0796
- https://github.com/f1tz/CVE-2020-0796-LPE-EXP
- https://github.com/gabimarti/SMBScanner
- https://github.com/getdrive/smbghost
- https://github.com/GuoKerS/aioScan_CVE-2020-0796
- https://github.com/halsten/CVE-2020-0796
- https://github.com/IAreKyleW00t/SMBGhosts
- https://github.com/insightglacier/SMBGhost_Crash_Poc
- https://github.com/intelliroot-tech/cve-2020-0796-Scanner
- https://github.com/ioncodes/SMBGhost
- https://github.com/jamf/CVE-2020-0796-LPE-POC
- https://github.com/jamf/CVE-2020-0796-RCE-POC
- https://github.com/jiansiting/CVE-2020-0796
- https://github.com/jiansiting/CVE-2020-0796-Scanner
- https://github.com/joaozietolie/CVE-2020-0796-Checker
- https://github.com/julixsalas/CVE-2020-0796
- https://github.com/k8gege/PyLadon
- https://github.com/Kinesys/Kinesys-CVE-2020-0796
- https://github.com/kn6869610/CVE-2020-0796
- https://github.com/LabDookhtegan/CVE-2020-0796-EXP
- https://github.com/laolisafe/CVE-2020-0796
- https://github.com/ly4k/SMBGhost
- https://github.com/marcinguy/CVE-2020-0796
- https://github.com/MasterSploit/LPE---CVE-2020-0796
- https://github.com/maxpl0it/Unauthenticated-CVE-2020-0796-PoC
- https://github.com/netscylla/SMBGhost
- https://github.com/ollypwn/SMBGhost
- https://github.com/ORCA666/CVE-2020-0796
- https://github.com/plorinquer/cve-2020-0796
- https://github.com/psc4re/NSE-scripts
- https://github.com/ran-sama/CVE-2020-0796
- https://github.com/rsmudge/CVE-2020-0796-BOF
- https://github.com/Rvn0xsy/CVE_2020_0796_CNA
- https://github.com/section-c/CVE-2020-0796
- https://github.com/sujitawake/smbghost
- https://github.com/T13nn3s/CVE-2020-0796
- https://github.com/tango-j/CVE-2020-0796
- https://github.com/technion/DisableSMBCompression
- https://github.com/thelostworldFree/CVE-2020-0796
- https://github.com/TinToSer/CVE-2020-0796-LPE
- https://github.com/tripledd/cve-2020-0796-vuln
- https://github.com/UraSecTeam/smbee
- https://github.com/vysecurity/CVE-2020-0796
- https://github.com/w1ld3r/SMBGhost_Scanner
- https://github.com/weidutech/CVE-2020-0796-PoC
- https://github.com/wneessen/SMBCompScan
- https://github.com/wsfengfan/CVE-2020-0796
- https://github.com/xax007/CVE-2020-0796-Scanner
- https://github.com/ysyyrps123/CVE-2020-0796
- https://github.com/ysyyrps123/CVE-2020-0796-exp
- https://github.com/ZecOps/CVE-2020-0796-LPE-POC
- https://github.com/ZecOps/CVE-2020-0796-RCE-POC
- https://github.com/ZecOps/SMBGhost-SMBleed-scanner
- https://gitlab.com/darthploit/CVE-2020-0796
- https://gitlab.com/darthploit/CVE-2020-0796-POC
- https://gitlab.com/gavz/CVE-2020-0796
- https://gitlab.com/gavz/CVE-2020-0796-POC
- https://gitlab.com/ran-sama/cve-2020-0796
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/cve_2020_0796_smbghost.rb
- https://www.exploit-db.com/exploits/48216
- https://www.exploit-db.com/exploits/48267
- https://www.exploit-db.com/exploits/48537
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论