Security Advisory: Cisco Secure Boot Hardware Tampering Vulnerability (Thrangrycat)

Published: 2019-05-17

Vulnerability IDs and severity

CVE ID: CVE-2019-1649; severity: Medium; CVSS score: 6.7 (vendor self-assessed; no official score assigned)

CVE ID: CVE-2019-1862; severity: High; CVSS score: 7.2 (vendor self-assessed; no official score assigned)


Affected versions

CVE-2019-1649

More than 100 Cisco products that support the TAm

CVE-2019-1862

Cisco devices running IOS XE version 16 with the HTTP Server feature enabled


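Vulnerability overview

Researchers have discovered a vulnerability in Cisco products that could allow attackers to implant persistent backdoors on a large number of devices in enterprise and government networks, such as routers, switches and firewalls. The vulnerability, named "Thrangrycat" ("three angry cats"), was discovered by the security company Red Balloon and is tracked as CVE-2019-1649. It affects multiple Cisco products that support the Trust Anchor module (TAm).

According to the report from security vendor Red Balloon, the Thrangrycat vulnerability is caused by a hardware design flaw in the Cisco Trust Anchor module (TAm). Cisco TAm is a hardware-based secure boot feature implemented in almost all Cisco enterprise devices since 2013. It is used to ensure that the firmware running on the hardware platform is authentic and unmodified. The vulnerability results from an improper check on the code region that manages local updates to the FPGA of the secure boot hardware. By modifying the FPGA bitstream, an attacker can write malicious firmware to this component, which breaks the secure boot process and fundamentally invalidates Cisco's chain of trust. The modification is persistent: it can disable the trust anchor in subsequent boots and can also disable later TAm software updates.

Because exploiting the vulnerability requires root privileges, Cisco's security advisory states that only a local attacker with physical access to the target system can write a modified firmware image to the component.

However, Red Balloon researchers point out that attackers can also exploit the Thrangrycat vulnerability remotely by chaining it with other flaws to obtain root privileges, or at least to execute commands as root.

To demonstrate the attack, the researchers disclosed CVE-2019-1862, an RCE vulnerability in the web-based user interface of the Cisco IOS operating system. It allows a logged-in administrator to execute arbitrary commands with root privileges on the underlying Linux shell of an affected device.

After gaining root access, a malicious administrator can use the Thrangrycat vulnerability to remotely bypass the TAm on the target device and install a malicious backdoor.

The researchers state that by chaining Thrangrycat with the remote command injection vulnerability, an attacker can remotely and persistently bypass Cisco's secure boot mechanism and lock out all future software updates to the TAm.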

Vulnerability verification

No PoC/EXP is available at this time.


Remediation

The vendor has released upgrade patches that fix the vulnerabilities. Patch links:

CVE-2019-1649

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot

CVE-2019-1862

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-webui#fs
https://thrangrycat.com/
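
To decide which devices need the CVE-2019-1862 patch first, the affected condition listed above (IOS XE version 16 with the HTTP Server feature enabled) can be checked against collected `show version` and `show running-config` text. The following is an added example, not part of the original advisory or Cisco's tooling; the hostnames and device output are constructed, and treating either `ip http server` or `ip http secure-server` as the "HTTP Server feature" is an assumption.

```python
import re

# Enabling commands for the IOS XE HTTP/HTTPS server (assumed to be what the
# advisory means by "HTTP Server feature"); "no ip http ..." lines disable it.
HTTP_ENABLE_LINES = {"ip http server", "ip http secure-server"}
VERSION_RE = re.compile(r"Cisco IOS XE Software, Version (\d+)\.")


def iosxe_major(show_version):
    """Return the IOS XE major version from `show version` text, or None."""
    m = VERSION_RE.search(show_version)
    return int(m.group(1)) if m else None


def http_server_enabled(running_config):
    """True if the config contains an exact HTTP/HTTPS server enable line."""
    lines = {line.strip() for line in running_config.splitlines()}
    return bool(lines & HTTP_ENABLE_LINES)


def matches_cve_2019_1862_condition(show_version, running_config):
    """IOS XE version 16 AND HTTP Server enabled, as listed in the advisory."""
    return iosxe_major(show_version) == 16 and http_server_enabled(running_config)


# Constructed sample data (hypothetical hostnames, not real device output).
FLEET = {
    "edge-rtr-1": ("Cisco IOS XE Software, Version 16.09.03",
                   "hostname edge-rtr-1\nip http server\nip http authentication local"),
    "core-sw-1": ("Cisco IOS XE Software, Version 16.06.04",
                  "hostname core-sw-1\nno ip http server\nno ip http secure-server"),
    "dist-sw-2": ("Cisco IOS XE Software, Version 16.03.07",
                  "hostname dist-sw-2\nno ip http server\nip http secure-server"),
    # 03.16.x is IOS XE release 3.16, not version 16.
    "old-rtr-9": ("Cisco IOS XE Software, Version 03.16.05.S",
                  "hostname old-rtr-9\nip http server"),
}


def triage(fleet):
    """Return the sorted hostnames that match the affected condition."""
    return sorted(h for h, (ver, cfg) in fleet.items()
                  if matches_cve_2019_1862_condition(ver, cfg))


if __name__ == "__main__":
    for host in triage(FLEET):
        print(f"{host}: IOS XE 16 with HTTP server enabled, check the webui advisory")
```

This covers only the CVE-2019-1862 condition; whether a platform is affected by CVE-2019-1649 depends on the product list in Cisco's secureboot advisory.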


References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-webui#fs
https://thrangrycat.com/
https://thehackernews.com/2019/05/cisco-secure-boot-bypass.html