POC details: 7aea621b8abe4c183937b71bd8ffb3b7b5bd6969

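Related vulnerability
Title: Microsoft Windows TCP/IP security vulnerability (CVE-2020-16898)
Description: Microsoft Windows TCP/IP is the TCP/IP support service of Windows, a product of the US company Microsoft. The Windows TCP/IP stack contains a code-issue vulnerability. The vulnerability allows an attacker to gain the ability to execute code on the target server or client. The following products and versions are affected: Windows 10 version 1909, Windows 10 version 1709, Windows Server version 1909, Windows Server version 2004, Windows Server version 1903, Windows 1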
Description
A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability)
Introduction
# "Bad Neighbor" Detection, CVE-2020-16898 (Windows TCP/IP RCE) 

## Summary:  
A network detection package for CVE-2020-16898 (Windows TCP/IP Remote Code Execution Vulnerability)

## References: 
- https://corelight.blog/2020/10/15/zeek-community-activates-to-detect-bad-neighbor-cve-2020-16898/
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16898#ID0EUGAC
- Other detection packages developed independently and concurrently by the Zeek community:
  - https://github.com/initconf/CVE-2020-16898-Bad-Neighbor/blob/master/scripts/CVE-2020-16898-Bad-Neighbor.zeek
  - https://github.com/esnet-security/cve-2020-16898

## Notices raised:

```
CVE-2020-16898 exploit detected from %s. https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16898#ID0EUGAC . Details from packet for reference: info=%s , options=%s
```


## Usage, notes and recommendations:
- To use against a pcap you already have: ```zeek -Cr scripts/__load__.zeek your.pcap```
- This package will run in clustered or non-clustered environments.

## Feedback
- As details emerge, we are keen to improve this package for the benefit of the community. Please feel free to contact the author with any suggestions and feedback.

File snapshot

```
[4.0K] /data/pocs/7aea621b8abe4c183937b71bd8ffb3b7b5bd6969
├── [ 210] bro-pkg.meta
├── [1.5K] LICENSE
├── [1.2K] README.md
├── [4.0K] scripts
│   ├── [2.4K] CVE-2020-16898.zeek
│   └── [  23] __load__.zeek
├── [4.0K] testing
│   ├── [4.0K] Baseline
│   │   └── [4.0K] CVE-2020-16898.pi3_poc
│   │       └── [1.5K] notice.log
│   ├── [ 567] btest.cfg
│   ├── [4.0K] CVE-2020-16898
│   │   ├── [ 196] 6in4-linklocal-hlimit-less255
│   │   ├── [ 178] ipv6-neighbor-discovery
│   │   ├── [ 200] ipv6-router-advertisement-leaving
│   │   ├── [ 147] pi3_poc
│   │   └── [ 144] RS-RA
│   ├── [4.0K] Files
│   │   └── [ 192] random.seed
│   ├── [  28] Makefile
│   ├── [4.0K] Scripts
│   │   ├── [ 383] diff-remove-timestamps
│   │   └── [1.3K] get-zeek-env
│   └── [4.0K] Traces
│       ├── [ 444] 6in4-linklocal-hlimit-less255.pcapng.cap
│       ├── [ 424] ipv6-neighbor-discovery.pcap
│       ├── [ 544] ipv6-router-advertisement-leaving.pcapng
│       ├── [2.9K] pi3_poc.pcap
│       └── [ 828] RS-RA.pcapng
└── [ 211] zkg.meta

8 directories, 22 files
```