关联漏洞
Description
Example InSpec profile to detect presence of a malicious rest-client gem (CVE-2019-15224)
介绍
# a malicious rest-client gem
On August 19, 2019, it was discovered that the `rest-client` gem had had [several versions published containing malicious code](https://github.com/rest-client/rest-client/issues/713). In discovering the malicious `rest-client`, several other new gems were determined to be carrying similar code.
Coverage:
+ https://www.securityweek.com/backdoor-found-rest-client-ruby-gem
+ https://www.theregister.co.uk/2019/08/20/ruby_gem_hacked/
+ https://www.macobserver.com/news/ruby-11-backdoors/
This repo is an example of how one could use InSpec to create controls to audit hosts for the presence of malicious versions of `rest-client` and for the other gems discovered during the investigation. The checks require a scan of entire filesystem directory structures. Because this is a slow process, it is recommended that these controls should not be added to continuous system checks.
文件快照
[4.0K] /data/pocs/6657de496933506792bdf926c2e46274f97f5c81
├── [4.0K] controls
│ └── [2.3K] cve-2019-15224.rb
├── [4.0K] habitat
│ └── [ 155] plan.sh
├── [ 329] inspec.yml
├── [4.0K] libraries
└── [ 911] README.md
3 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。