
China Vuls

Vuls Matsuri #5, China Vuls, Vuls on Alibaba Cloud.
https://vuls-jp.connpass.com/event/131960/

Published in: Technology

  1. 1. China Vuls Vuls on Alibaba Cloud
  2. 2. WHO AM I?
     工藤 淳 (Jun Kudo)
     iret, inc. engineer
     Microsoft MVP for Azure
     Alibaba Cloud MVP
     jkudo
     level69
  3. 3. Pre-Introduction
     Serverless Vuls
     ● Web App for Containers + Azure storage + Azure functions
     ● Cloud Run + Storage + Cloud Functions
     ● Fargate + S3 + Lambda
  4. 4. Introduction
     goal
     ● Sharing failures
     env: target and host
     ● Alibaba Cloud
     ● Elastic Compute Service
     ● Aliyun linux
     ● China Qingdao Zone B
  5. 5. Install go-cve-dictionary
     make install
     ---
     (16) ✗ unable to deduce repository and source type for "google.golang.org/appengine/cloudsql": unable to read metadata: unable to fetch raw metadata: failed HTTP request to URL "http://google.golang.org/appengine/cloudsql?go-get=1": Get http://google.golang.org/appengine/cloudsql?go-get=1: dial tcp 216.239.37.1:80: i/o timeout
     ---
     Solving failure: unable to deduce repository and source type for "golang.org/x/crypto": unable to read metadata: unable to fetch raw metadata: failed HTTP request to URL "http://golang.org/x/crypto?go-get=1": Get http://golang.org/x/crypto?go-get=1: dial tcp 216.239.37.1:80: i/o timeout
     make: *** [dep] エラー 1
  6. 6. Great Firewall
     ---
     golang.org. 60 IN A 172.217.161.49
     ---
     OrgName: Google LLC
  7. 7. Use container https://vuls.io/docs/ja/install-with-docker.html
  8. 8. Progress Download (NVD)
     ● Alibaba Cloud qingdao : 1h
     ● Azure us-central : 2h over
     ● AWS virginia : 10min
     ● GCP us-central : 30min
  9. 9. Progress Download (JVN)
     INFO[06-10|14:20:14] Fetching... https://jvndb.jvn.jp/ja/feed/checksum.txt
     EROR[06-10|14:20:27] Failed to fetch. err: [aborting: could not write to output stream: Get https://jvndb.jvn.jp/ja/feed/checksum.txt: net/http: TLS handshake timeout]
     INFO[06-10|14:20:28] Fetching... https://jvndb.jvn.jp/ja/feed/checksum.txt
     EROR[06-10|14:20:39] Failed to fetch. err: [aborting: could not write to output stream: Get https://jvndb.jvn.jp/ja/feed/checksum.txt: net/http: TLS handshake timeout]
     INFO[06-10|14:20:40] Fetching... https://jvndb.jvn.jp/ja/feed/checksum.txt
     EROR[06-10|14:21:10] Failed to fetch. err: [aborting: could not write to output stream: Get https://jvndb.jvn.jp/ja/feed/checksum.txt: dial tcp 192.218.88.5:443: i/o timeout]
     INFO[06-10|14:21:10] Fetching... https://jvndb.jvn.jp/ja/feed/checksum.txt
     EROR[06-10|14:21:20] Failed to fetch. err: [aborting: could not write to output stream: Get https://jvndb.jvn.jp/ja/feed/checksum.txt: net/http: TLS handshake timeout]
     INFO[06-10|14:21:21] Fetching... https://jvndb.jvn.jp/ja/feed/checksum.txt
     EROR[06-10|14:21:51] Failed to fetch. err: [aborting: could not write to output stream: Get https://jvndb.jvn.jp/ja/feed/checksum.txt: dial tcp 192.218.88.5:443: i/o timeout]
     INFO[06-10|14:21:52] Fetching... https://jvndb.jvn.jp/ja/feed/checksum.txt
     EROR[06-10|14:22:02] Failed to fetch. err: [aborting: could not write to output stream: Get https://jvndb.jvn.jp/ja/feed/checksum.txt: net/http: TLS handshake timeout]
  10. 10. Scan
  11. 11. Result
  12. 12. Log
      [Jun 10 15:04:38] INFO [localhost] Start scanning
      [Jun 10 15:04:38] INFO [localhost] config: /vuls/config/config.toml
      [Jun 10 15:04:38] INFO [localhost] Validating config…
      [Jun 10 15:04:38] INFO [localhost] Detecting Server/Container OS…
      [Jun 10 15:04:38] INFO [localhost] Detecting OS of servers…
      [Jun 10 15:04:39] WARN [localhost] Failed to parse CentOS: execResult: servername: aliyun
        cmd: cat /etc/centos-release
        exitstatus:0
        stdout: Aliyun Linux release 2.1903 (Hunting Beagle)
        stderr:
        err: %!s(<nil>)
      [Jun 10 15:04:39] INFO [localhost] (1/1) Detected: aliyun: redhat 2.1903
      [Jun 10 15:04:39] INFO [localhost] Detecting OS of containers…
      [Jun 10 15:04:39] INFO [localhost] Checking Scan Modes…
      [Jun 10 15:04:39] INFO [localhost] Detecting Platforms…
      [Jun 10 15:04:40] INFO [localhost] (1/1) aliyun is running on other
      [Jun 10 15:04:40] INFO [localhost] Scanning vulnerabilities…
      [Jun 10 15:04:40] INFO [localhost] Scanning vulnerable OS packages…
      [Jun 10 15:04:40] INFO [aliyun] Scanning in fast mode
      [Jun 10 15:04:43] ERROR [aliyun] Not implemented yet: redhat 2.1903, err: %!s(<nil>)

      One Line Summary
      ================
      aliyun redhat2.1903 384 installed
  13. 13. Etc
      centos (centos7.6.1810)
      =======================
      Total:19 (High:5 Medium:13 Low:1 ?:0), 18/19 Fixed, 371 installed, 53 updatable, 0 exploits, en: 0, ja: 0 alerts

      +----------------+---------+------+------+----+-----+-------------------------------------------------+
      | CVE-ID         | FIXED   | CERT | CVSS | AV | POC | NVD                                             |
      +----------------+---------+------+------+----+-----+-------------------------------------------------+
      | CVE-2019-5953  | fixed   |      | 9.8  | N  |     | https://nvd.nist.gov/vuln/detail/CVE-2019-5953  |
      | CVE-2019-9636  | fixed   |      | 9.8  | N  |     | https://nvd.nist.gov/vuln/detail/CVE-2019-9636  |
      | CVE-2019-3855  | fixed   |      | 9.3  | N  |     | https://nvd.nist.gov/vuln/detail/CVE-2019-3855  |
      | CVE-2019-3856  | fixed   |      | 8.8  | N  |     | https://nvd.nist.gov/vuln/detail/CVE-2019-3856  |
      | CVE-2019-3857  | fixed   |      | 8.8  | N  |     | https://nvd.nist.gov/vuln/detail/CVE-2019-3857  |
      | CVE-2019-3863  | fixed   |      | 8.8  | N  |     | https://nvd.nist.gov/vuln/detail/CVE-2019-3863  |
      | CVE-2018-5743  | unfixed |      | 8.6  | N  |     | https://nvd.nist.gov/vuln/detail/CVE-2018-5743  |
      | CVE-2019-6974  | fixed   |      | 8.1  | N  |     | https://nvd.nist.gov/vuln/detail/CVE-2019-6974  |
      | CVE-2018-18445 | fixed   |      | 7.8  | L  |     | https://nvd.nist.gov/vuln/detail/CVE-2018-18445 |
      | CVE-2018-9568  | fixed   |      | 7.8  | L  |     | https://nvd.nist.gov/vuln/detail/CVE-2018-9568  |
      | CVE-2019-7221  | fixed   |      | 7.8  | L  |     | https://nvd.nist.gov/vuln/detail/CVE-2019-7221  |
      | CVE-2019-6133  | fixed   |      | 7.3  | L  |     | https://nvd.nist.gov/vuln/detail/CVE-2019-6133  |
      | CVE-2019-6454  | fixed   |      | 7.0  | L  |     | https://nvd.nist.gov/vuln/detail/CVE-2019-6454  |
      | CVE-2018-12126 | fixed   |      | 6.5  | L  |     | https://nvd.nist.gov/vuln/detail/CVE-2018-12126 |
      | CVE-2018-12127 | fixed   |      | 6.5  | L  |     | https://nvd.nist.gov/vuln/detail/CVE-2018-12127 |
      | CVE-2018-12130 | fixed   |      | 6.2  | L  |     | https://nvd.nist.gov/vuln/detail/CVE-2018-12130 |
      | CVE-2019-11091 | fixed   |      | 5.6  | L  |     | https://nvd.nist.gov/vuln/detail/CVE-2019-11091 |
      | CVE-2018-17972 | fixed   |      | 5.5  | L  |     | https://nvd.nist.gov/vuln/detail/CVE-2018-17972 |
      | CVE-2018-5407  | fixed   |      | 4.8  | P  |     | https://nvd.nist.gov/vuln/detail/CVE-2018-5407  |
      +----------------+---------+------+------+----+-----+-------------------------------------------------+
  14. 14. Close
      ● China's Great Firewall
        ○ use proxy or vpn
        ○ use Managed Security Service
      ● Require Original OS and OSS Support
        ○ aliyun linux
        ○ aliyun repository
      ● hahaha...
  15. 15. Thank you
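
The failure on slide 12, as an added example (not from the slides and not Vuls's own code): the release file reads "Aliyun Linux release 2.1903 (Hunting Beagle)", the host was classified as redhat, and the scan ended with only a package count. The sketch gives the vendor its own family and marks it unsupported so a caller can report "not scanned" rather than "no findings"; `ParseRelease`, `Distro` and the `feeds` table are hypothetical names.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Distro is the parsed release file. Supported is false when no advisory
// feed is mapped to the family, so the host must not be reported as clean.
type Distro struct {
	Family, Release string
	Supported       bool
}

// releaseRe matches "<name> release <version>" as found in
// /etc/centos-release style files.
var releaseRe = regexp.MustCompile(`^(.+?) release (\d[\d.]*)`)

// feeds is a hypothetical table of families with advisory data available.
var feeds = map[string]bool{"centos": true, "redhat": true}

// ParseRelease classifies a release string. An unrecognised vendor keeps its
// own family name instead of being folded into a look-alike family.
func ParseRelease(s string) (Distro, error) {
	m := releaseRe.FindStringSubmatch(strings.TrimSpace(s))
	if m == nil {
		return Distro{}, fmt.Errorf("unrecognised release string: %q", s)
	}
	name := strings.ToLower(m[1])
	family := "unknown"
	switch {
	case strings.HasPrefix(name, "centos"):
		family = "centos"
	case strings.HasPrefix(name, "red hat"):
		family = "redhat"
	case strings.HasPrefix(name, "aliyun linux"):
		family = "aliyun"
	}
	return Distro{Family: family, Release: m[2], Supported: feeds[family]}, nil
}

func main() {
	for _, s := range []string{
		"Aliyun Linux release 2.1903 (Hunting Beagle)", // stdout from the slide 12 log
		"CentOS Linux release 7.6.1810 (Core)",         // constructed sample
	} {
		d, err := ParseRelease(s)
		fmt.Println(d, err)
	}
}
```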
