I. CVE-2018-6574 Basic Information
Vulnerability Information
# N/A

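## Vulnerability Overview
In certain versions of Go, the `go get` command allows remote command execution during source code build, because the `-fplugin=` and `-plugin=` arguments of the gcc or clang plugin feature were not blocked.

## Affected Versions
- Go 1.8.x before 1.8.7
- Go 1.9.x before 1.9.4
- Go 1.10 pre-releases before Go 1.10rc2

## Details
An attacker can use the `go get` command to exploit the unblocked `-fplugin=` and `-plugin=` arguments, triggering the gcc or clang plugin feature to execute remote commands.

## Impact
This vulnerability lets an attacker execute arbitrary remote commands during the build process, which threatens the security of the system.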
                                        
Vulnerability title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
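Source: U.S. National Vulnerability Database (NVD)
CVSS information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability type
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
Google Go security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Google Go is a programming language from Google (US) that is optimized for programming applications for multiprocessor systems. A security vulnerability exists in Google Go before 1.8.7, 1.9.x before 1.9.4, and 1.10 pre-releases before 1.10rc2. A remote attacker can exploit this vulnerability to execute commands.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability type
Code injection
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public POCs for CVE-2018-6574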
| # | POC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | None | https://github.com/acole76/cve-2018-6574 | POC details |
| 2 | CVE-2018-6574 POC : golang 'go get' remote command execution during source code build | https://github.com/neargle/Go-Get-RCE-CVE-2018-6574-POC | POC details |
| 3 | CVE-2018-6574 for pentesterLAB | https://github.com/wb4r/go-get-rce | POC details |
| 4 | cve-2018-6574 @pentesterlab | https://github.com/ahmetmanga/go-get-rce | POC details |
| 5 | None | https://github.com/ahmetmanga/cve-2018-6574 | POC details |
| 6 | None | https://github.com/redirected/cve-2018-6574 | POC details |
| 7 | None | https://github.com/20matan/CVE-2018-6574-POC | POC details |
| 8 | CVE-2018-6574 | https://github.com/zur250/Zur-Go-GET-RCE-Solution | POC details |
| 9 | None | https://github.com/mekhalleh/cve-2018-6574 | POC details |
| 10 | CVE-2018-6574 | https://github.com/veter069/go-get-rce | POC details |
| 11 | None | https://github.com/duckzsc2/CVE-2018-6574-POC | POC details |
| 12 | None | https://github.com/dollyptm/cve-2018-6574 | POC details |
| 13 | A simple POC for CVE-2018-6574 | https://github.com/qweraqq/CVE-2018-6574 | POC details |
| 14 | CVE-2018-6574 | https://github.com/d4rkshell/go-get-rce | POC details |
| 15 | None | https://github.com/chaosura/CVE-2018-6574 | POC details |
| 16 | ptl cve-2018-6574 | https://github.com/french560/ptl6574 | POC details |
| 17 | None | https://github.com/InfoSecJack/CVE-2018-6574 | POC details |
| 18 | CVE-2018-6574 go get RCE | https://github.com/asavior2/CVE-2018-6574 | POC details |
| 19 | test for CVE-2018-6574: go get RCE pentesterlab | https://github.com/drset/golang | POC details |
| 20 | None | https://github.com/frozenkp/CVE-2018-6574 | POC details |
| 21 | pentesterlab test payload | https://github.com/kev-ho/cve-2018-6574-payload | POC details |
| 22 | None | https://github.com/sdosis/cve-2018-6574 | POC details |
| 23 | None | https://github.com/No1zy/CVE-2018-6574-PoC | POC details |
| 24 | None | https://github.com/nthuong95/CVE-2018-6574 | POC details |
| 25 | None | https://github.com/AdriVillaB/CVE-2018-6574 | POC details |
| 26 | None | https://github.com/yitingfan/CVE-2018-6574_demo | POC details |
| 27 | None | https://github.com/mhamed366/CVE-2018-6574 | POC details |
| 28 | None | https://github.com/Eugene24/CVE-2018-6574 | POC details |
| 29 | None | https://github.com/coblax/CVE-2018-6574 | POC details |
| 30 | CVE-2018-6574 | https://github.com/darthvader-htb/CVE-2018-6574 | POC details |
| 31 | Vulnerble-code | https://github.com/it3x55/CVE-2018-6574 | POC details |
| 32 | CVE-2018-6574: go get RCE solution for pentesterlab challenge | https://github.com/Malone5923/CVE-2018-6574-go-get-RCE | POC details |
| 33 | None | https://github.com/illnino/CVE-2018-6574 | POC details |
| 34 | None | https://github.com/TakuCoder/CVE-2018-6574 | POC details |
| 35 | None | https://github.com/kawkab101/cve-2018-6574 | POC details |
| 36 | None | https://github.com/lsnakazone/cve-2018-6574 | POC details |
| 37 | None | https://github.com/pswalia2u/CVE-2018-6574 | POC details |
| 38 | A simple POC for CVE-2018-6574 | https://github.com/jongmartinez/CVE-2018-6574-POC | POC details |
| 39 | None | https://github.com/azzzzzzzzzzzzzzzzz/CVE-2018-6574 | POC details |
| 40 | None | https://github.com/noname-nohost/CVE-2018-6574 | POC details |
| 41 | None | https://github.com/shadofren/CVE-2018-6574 | POC details |
| 42 | None | https://github.com/NikolaT3sla/cve-2018-6574 | POC details |
| 43 | None | https://github.com/vishack/CVE-2018-6574 | POC details |
| 44 | None | https://github.com/PLP-Orange/cve-2018-6574-exercise | POC details |
| 45 | None | https://github.com/purgedemo/CVE-2018-6574 | POC details |
| 46 | None | https://github.com/purgedemo/CVE-2018-6574_2 | POC details |
| 47 | None | https://github.com/killtr0/POC-CVE-2018-6574 | POC details |
| 48 | solution | https://github.com/theJuan1112/pentesterlab-cve-2018-6574 | POC details |
| 49 | None | https://github.com/MohamedTarekq/test-CVE-2018-6574- | POC details |
| 50 | None | https://github.com/OLAOLAOLA789/CVE-2018-6574 | POC details |
| 51 | None | https://github.com/repos13579/labCVE-2018-6574 | POC details |
| 52 | Pentesterlabs | https://github.com/yashanand/cve-2018-6574 | POC details |
| 53 | go rce | https://github.com/jaya522/CVE-2018-6574-go-get-RCE | POC details |
| 54 | None | https://github.com/noobTest1122/CVE-2018-6574 | POC details |
| 55 | None | https://github.com/ErnestZiemkowski/cve-2018-6574 | POC details |
| 56 | None | https://github.com/l3ouu4n9/CVE-2018-6574-POC | POC details |
| 57 | PTLabs | https://github.com/R3dAlch3mist/cve-2018-6574 | POC details |
| 58 | Remote command execution in Golang go get command allows an attacker to gain code execution on a system by installing a malicious library. | https://github.com/j4k0m/CVE-2018-6574 | POC details |
| 59 | Exploit for remote command execution in Golang go get command. | https://github.com/Devang-Solanki/CVE-2018-6574 | POC details |
| 60 | None | https://github.com/ItsFadinG/CVE-2018-6574 | POC details |
| 61 | None | https://github.com/imojne/CVE-2018-6574-POC | POC details |
| 62 | cve-2018-6574 | https://github.com/twseptian/cve-2018-6574 | POC details |
| 63 | None | https://github.com/the-valluvarsploit/CVE-2018-6574 | POC details |
| 64 | None | https://github.com/yavolo/CVE-2018-6574 | POC details |
| 65 | CVE-2018-6574: go get RCE | https://github.com/ThaFWord/pentesterlab | POC details |
| 66 | Exploit for Pentester Labs | https://github.com/Cypheer/exploit_CVE-2018-6574 | POC details |
| 67 | None | https://github.com/jftierno/CVE-2018-6574-2 | POC details |
| 68 | None | https://github.com/tjcim/cve-2018-6574 | POC details |
| 69 | None | https://github.com/markisback/CVE-2018-6574 | POC details |
| 70 | The issue is due to the fact that when installing a package, Golang will build native extensions. This can be used to pass additional flags to the compiler to gain code execution. For example, CFLAGS can be used. | https://github.com/hasharmujahid/CVE-2018-6574-go-get-RCE | POC details |
| 71 | None | https://github.com/jeyaseelans86/CVE-2018-6574 | POC details |
| 72 | None | https://github.com/jeyaseelans86/new-CVE-2018-6574 | POC details |
| 73 | None | https://github.com/chr1sM/CVE-2018-6574 | POC details |
| 74 | None | https://github.com/mux0x/CVE-2018-6574 | POC details |
| 75 | CVE-2018-6574 go get | https://github.com/antunesmpedro/CVE-2018-6574 | POC details |
| 76 | None | https://github.com/Yealid/CVE-2018-6574 | POC details |
| 77 | Used for a PentesterLab exercise | https://github.com/jahwni/CVE-2018-6574 | POC details |
| 78 | None | https://github.com/NsByte/CVE-2018-6574 | POC details |
| 79 | None | https://github.com/Zeeshan12340/CVE-2018-6574 | POC details |
| 80 | None | https://github.com/moTorky/CVE-2018-6574-POC | POC details |
| 81 | CVE-2018-6574: go get RCE | https://github.com/Ashved9/Orange | POC details |
| 82 | CVE-2018-6574 this vulnerability impacts Golang go get command and allows an attacker to gain code execution on a system by installing a malicious library, this vulnerability was fixed in Go 1.8.7, 1.9.4 and 1.10rc2. Golang will build native extensions. | https://github.com/zerbaliy3v/cve-2018-6574-exploit | POC details |
| 83 | Pentesterlabs | https://github.com/sec000/cve-2018-6574 | POC details |
| 84 | None | https://github.com/jftierno/-CVE-2018-6574 | POC details |
| 85 | None | https://github.com/jftierno/CVE-2018-6574 | POC details |
| 86 | None | https://github.com/faiqu3/cve-2018-6574 | POC details |
| 87 | CVE-2018-6574-go-get-RCE | https://github.com/Dannners/CVE-2018-6574-go-get-RCE | POC details |
| 88 | None | https://github.com/bme2003/CVE-2018-6574 | POC details |
| 89 | None | https://github.com/athulmur/CVE-2018-6574 | POC details |
| 90 | pentesterlab | https://github.com/iNoSec2/cve-2018-6574 | POC details |
| 91 | None | https://github.com/ttyA0/cve-2018-6574 | POC details |
| 92 | CVE-2018-6574: go get | https://github.com/faqihudin13/CVE-2018-6574 | POC details |
| 93 | None | https://github.com/lisu60/cve-2018-6574 | POC details |
| 94 | None | https://github.com/Saboor-Hakimi/CVE-2018-6574 | POC details |
| 95 | Remote command execution in Golang go get command allows an attacker to gain code execution on a system by installing a malicious library. | https://github.com/seoqqq/CVE-2018-6574 | POC details |
| 96 | OrangeBadge - Exercise CVE-2018-6574: go get RCE | https://github.com/elw0od/PentesterLab | POC details |
| 97 | None | https://github.com/rootxjs/CVE-2018-6574 | POC details |
| 98 | None | https://github.com/rootxjs/new-CVE-2018-6574 | POC details |
III. Intelligence on CVE-2018-6574