Will Dormann Jan 10
The cat's pretty much out of the bag on how to exploit this. Expect widespread exploitation attempts for CVE-2019-19781 at this point. Despite being almost a month old, there is NO PATCH from at this point. Only a (very important) mitigation.
Will Dormann Jan 10
Replying to @citrix
You don't need to run a working exploit to know if a system is vulnerable or not, though. Simply visit: CITRIXGATEWAY/vpns/cfg/smb.conf in your web browser or script or whatever. If you get a file, the system is vulnerable. If you get a 403, it has had mitigations applied.
Will Dormann Jan 10
Replying to @citrix
Also, FreeBSD 8.4 was EOL'd years ago. And even FreeBSD v. current doesn't even have ASLR enabled (not that it'd matter in this particular case). And this is something you're exposing directly to the Internet? YOLO!
Will Dormann Jan 16
Replying to @citrix
Note that Citrix has updated since its initial release. Two notable changes: 1) Citrix SD-WAN WANOP has been added to affected products. 2) Citrix ADC Release 12.1 builds before 51.16/51.19 and 50.31 have bugs that make the mitigations not work. Whoops!
Will Dormann Jan 16
Replying to @citrix
And just for the record, /vpn/../vpns/cfg/smb.conf is the more universal form of the URI to test the vulnerability. The directory traversal is required for IPs listening for the VPN Virtual server. e.g. curl https://CITRIXGATEWAY/vpn/../vpns/cfg/smb.conf --path-as-is -k
Will Dormann
Note that Citrix is rolling out changes to address CVE-2019-19781 for some versions at Unauthenticated users no longer appear to be able to request the pages in question.
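An added example, not part of the thread: a log triage sketch that finds requests resolving to the /vpns/ paths mentioned in the tweets (directly or through the /vpn/../ traversal) and labels them by the status codes the thread describes. The combined-log line format and the sample lines are assumptions constructed for illustration; adapt the regex to the logs your appliance or front-end proxy actually writes.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumed combined-log layout: src - - [time] "METHOD URI PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})\b'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Jan/2020:09:12:01 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 88
198.51.100.7 - - [16/Jan/2020:09:12:05 +0000] "GET /vpns/cfg/smb.conf HTTP/1.1" 403 0
192.0.2.10 - - [16/Jan/2020:09:12:09 +0000] "GET /vpn/%2e%2e/vpns/cfg/smb.conf HTTP/1.1" 200 88
203.0.113.4 - - [16/Jan/2020:09:13:00 +0000] "GET /vpn/index.html HTTP/1.1" 200 5120
"""

def classify(line):
    """Return a finding dict for a request that resolves under /vpns/, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the query string, decode %2e-style escapes, collapse leading slashes.
    raw = "/" + unquote(m["uri"].split("?", 1)[0]).lstrip("/")
    # Resolve ".." segments so /vpn/../vpns/x and /vpns/x compare equal.
    resolved = posixpath.normpath(raw)
    if not resolved.startswith("/vpns/"):
        return None
    status = int(m["status"])
    # Per the thread: a returned file means vulnerable, a 403 means mitigated.
    verdict = {200: "served", 403: "blocked"}.get(status, "other")
    return {
        "src": m["src"],
        "path": resolved,
        "traversal": "/../" in raw,
        "status": status,
        "verdict": verdict,
    }

def triage(log_text):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

A "served" verdict on these paths is a lead for incident response on that appliance, not proof of compromise; "blocked" matches the 403 the thread associates with applied mitigations.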