链接：a76K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3y4W2M7Y4c8Q4x3X3g2G2M7X3N6Q4x3X3g2U0L8W2)9J5c8Y4m8#2j5X3I4A6M7$3S2Q4x3V1k6E0j5h3W2F1i4K6u0r3z5g2)9J5c8U0t1H3x3e0y4Q4x3V1j5J5x3o6p5K6x3o6x3J5y4K6p5%4x3K6V1@1x3U0V1&6y4e0R3J5y4o6j5&6x3#2)9J5c8U0t1H3x3e0x3H3x3K6t1%4x3e0M7K6z5e0b7J5z5e0V1#2z5o6t1@1y4U0V1K6i4K6g2X3i4K6u0W2K9s2c8E0L8l9`.`.
日期：2013-03-27

近期，国家信息安全漏洞共享平台CNVD收录了快客邮件系统(QuarkMail)存在的一个远程代码执行漏洞（CNVD编号：CNVD-2013-21254）。攻击者利用漏洞可发起远程攻击，通过执行特定指令逐步渗透控制邮件服务器主机。互联网上已经出现了攻击利用代码，对相关服务器构成信息泄露和运行安全威胁。具体情况通报如下：
        一、漏洞情况分析
        快客电邮(QuarkMail)是北京雄智伟业有限公司开发的邮件系统软件。根据CNVD测试结果，相关版本的快客电邮产品采用了CGI脚本，存在一处远程代码执行漏洞。攻击者可利用漏洞直接发起恶意URL请求，远程执行操作系统指令。通过当前邮件服务器运行用户已有权限，攻击者可逐步渗透并控制邮件服务器主机操作系统。
        二、漏洞影响分析
        CNVD对该漏洞的综合评级为“高危”。
        根据北京雄智伟业有限公司网站主页上的产品简介（017K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3W2H3L8h3!0@1L8%4u0Q4x3X3g2U0L8$3#2Q4x3V1k6A6L8X3c8W2P5q4)9J5k6h3S2@1L8h3I4Q4c8f1k6Q4b7V1y4Q4z5o6W2Q4c8e0S2Q4z5p5g2Q4b7U0N6Q4c8e0N6Q4z5f1k6Q4b7e0g2Q4c8f1k6Q4b7V1y4Q4z5p5y4Q4c8e0S2Q4b7f1k6Q4b7e0g2Q4c8e0c8Q4b7V1q4Q4b7e0N6Q4c8e0g2Q4z5e0y4Q4z5o6q4Q4c8e0g2Q4b7U0W2Q4b7V1k6Q4c8e0k6Q4b7U0y4Q4z5f1u0Q4c8e0g2Q4b7V1q4Q4z5e0c8Q4c8e0N6Q4z5e0c8Q4b7e0S2Q4c8e0c8Q4b7V1q4Q4z5p5g2Q4c8e0k6Q4z5o6S2Q4z5e0q4Q4c8e0g2Q4z5f1u0Q4b7V1c8Q4c8e0k6Q4z5e0c8Q4b7V1k6Q4c8e0g2Q4b7V1q4Q4z5f1y4Q4c8e0g2Q4z5e0u0Q4z5p5y4Q4c8e0W2Q4z5o6N6Q4z5p5c8Q4c8e0S2Q4b7e0k6Q4z5o6q4Q4c8e0c8Q4b7V1k6Q4b7e0q4Q4c8e0k6Q4z5o6q4Q4b7f1k6Q4c8e0N6Q4b7U0y4Q4b7V1u0Q4c8e0N6Q4b7V1u0Q4z5f1k6Q4c8e0W2Q4z5o6y4Q4b7e0S2Q4c8e0W2Q4z5e0N6Q4b7e0S2Q4c8e0c8Q4b7V1u0Q4b7e0g2Q4c8e0g2Q4z5p5k6Q4z5p5q4Q4c8e0g2Q4z5o6k6Q4z5f1u0Q4c8e0W2Q4z5e0S2Q4z5f1k6Q4c8e0y4Q4z5o6m8Q4z5o6q4Q4c8e0N6Q4z5e0c8Q4b7U0g2Q4c8e0c8Q4b7V1k6Q4b7e0q4Q4c8e0y4Q4z5o6m8Q4z5o6q4Q4c8e0k6Q4z5e0k6Q4b7U0m8Q4c8e0W2Q4z5e0N6Q4b7V1u0Q4c8e0y4Q4z5o6m8Q4z5o6q4Q4c8e0k6Q4z5e0g2Q4z5e0W2Q4c8e0S2Q4z5o6u0Q4b7U0u0Q4c8e0k6Q4z5f1y4Q4b7V1q4Q4c8e0k6Q4z5f1g2Q4z5o6c8Q4c8e0g2Q4z5e0u0Q4z5p5y4Q4c8e0N6Q4b7e0N6Q4z5e0q4Q4c8e0N6Q4b7e0m8Q4z5e0c8Q4c8e0W2Q4z5e0W2Q4b7e0u0Q4c8e0k6Q4z5o6W2Q4z5o6m8Q4c8e0N6Q4b7f1c8Q4z5o6W2Q4c8e0g2Q4b7e0c8Q4z5f1q4Q4c8e0c8Q4b7U0S2Q4b7f1q4Q4c8e0W2Q4b7e0u0Q4z5o6k6Q4c8e0g2Q4z5f1k6Q4z5f1k6Q4c8e0y4Q4z5o6m8Q4z5o6u0Q4c8e0N6Q4z5f1u0Q4b7f1g2Q4c8e0g2Q4z5o6W2Q4z5p5c8Q4c8f1k6Q4b7V1y4Q4z5p5y4o6e0W2k6p5i4@1f1&6i4K6R3H3i4K6W2m8i4@1f1^5i4@1u0r3i4K6R3%4i4@1f1$3i4@1t1#2i4K6S2n7i4@1f1^5i4@1q4r3i4K6V1#2i4@1f1%4i4@1u0n7i4K6V1K6i4@1f1$3i4K6W2q4i4K6W2o6i4@1f1^5i4@1u0r3i4K6V1^5i4@1f1$3i4K6W2o6i4@1q4m8i4@1f1^5i4K6R3K6i4@1u0p5i4@1f1%4i4@1p5I4i4@1q4q4i4@1f1^5i4@1q4q4i4@1p5@1i4@1f1#2i4K6S2r3i4K6V1%4i4@1f1#2i4@1u0p5i4@1t1I4i4@1f1#2i4K6V1K6i4K6S2p5i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1@1i4@1u0m8i4@1p5%4i4@1f1#2i4K6V1K6i4K6R3I4i4@1f1#2i4K6R3#2i4@1t1%4i4@1f1@1i4@1u0p5i4K6V1K6i4@1f1%4i4K6R3&6i4K6R3^5i4@1f1$3i4K6W2o6i4@1q4o6i4@1f1#2i4K6S2r3i4@1t1%4i4@1f1K6i4K6R3H3i4K6R3J5
        三、漏洞处置建议
        目前，互联网上已经披露了攻击利用代码，CNVD尚未获知厂商对该漏洞的响应情况。CNVD建议相关用户直接联系厂商，要求提供解决方案。
        CNVD将持续跟踪漏洞处置情况，如需技术支援，请联系CNVD。联系电话：010-82990286，邮箱：vreport@cert.org.cn，网站： 2b5K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3y4F1N6X3c8Q4x3X3g2G2M7X3N6Q4x3X3g2U0L8W2!0q4x3#2)9^5x3q4)9^5x3R3`.`.
        相关安全公告链接参考如下：
e43K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3y4F1N6X3c8Q4x3X3g2G2M7X3N6Q4x3X3g2U0L8W2)9J5c8Y4y4A6N6r3g2K6i4K6u0r3L8h3q4A6L8W2)9J5c8Y4m8J5k6i4k6A6k6i4N6Q4x3V1k6D9k6r3N6Y4i4K6g2X3M7s2u0W2N6X3W2W2N6#2)9J5k6h3S2@1L8g2)9K6c8Y4c8A6k6q4)9K6c8p5y4z5g2V1c8Q4x3X3b7J5x3o6p5K6i4K6u0V1x3U0p5J5y4e0c8Q4x3U0k6F1j5Y4y4H3i4K6y4n7  0adK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4N6G2L8%4W2#2L8W2)9J5k6h3!0J5k6#2)9J5c8X3u0#2k6%4y4Q4x3V1k6%4L8$3!0&6N6h3&6Q4x3X3b7J5x3o6p5J5i4K6u0V1x3o6p5$3y4o6b7^5

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课