关联漏洞
标题:
Google Go 安全漏洞
(CVE-2018-6574)
描述:Google Go是美国谷歌(Google)公司的一种针对多处理器系统应用程序的编程进行了优化的编程语言。 Google Go 1.8.7之前版本、1.9.4之前的1.9.x版本和1.10rc2之前的1.10 pre-releases版本中存在安全漏洞。远程攻击者可利用该漏洞执行命令。
描述
Remote command execution in Golang go get command allows an attacker to gain code execution on a system by installing a malicious library.
介绍
# CVE-2018-6574
Remote command execution in `Golang` go get command.
CVE-2018-6574 this vulnerability impacts Golang go get command and allows an attacker to gain code execution on a system by installing a malicious library, this vulnerability was fixed in Go 1.8.7, 1.9.4 and 1.10rc2.
Golang will build native extensions. This can be used to pass additional flags to the compiler to gain code execution. For example, `CFLAGS` can be used.
文件快照
[4.0K] /data/pocs/bdf3b86a759ed6ad764db17d0a52ff747717b693
├── [ 183] aaa.c
├── [ 15K] attack (1).so
├── [ 183] attack.c
├── [ 15K] attack.so
├── [ 134] exploit.c
├── [ 334] main.go
└── [ 443] README.md
0 directories, 7 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。