Skip to content

Commit d609a1a

Browse files
committed
add: AVE-2018-0046
1 parent 51558dc commit d609a1a

1 file changed

Lines changed: 18 additions & 76 deletions

File tree

vulns/2018/AVE-2018-0046.toml

Lines changed: 18 additions & 76 deletions
Original file line numberDiff line numberDiff line change
@@ -1,83 +1,25 @@
1-
[id]
2-
ave_id = "AVE-2018-0046"
3-
cve_id = "CVE-2018-25117"
4-
avd_id = "CVE-2018-25117"
5-
other_ids = ["VulnCheck:VESTACP-DEBIAN-INSTALLER-MALICIOUS-BACKDOOR"]
6-
aliases = ["CVE-2018-25117"]
7-
8-
[affected]
9-
vendor = "Vesta"
10-
product = "VestaCP Control Panel (Debian/Ubuntu Installer)"
11-
121
[basic]
13-
title = "VestaCP Debian 安装程序恶意后门供应链危害"
14-
description = "VestaCP 托管控制面板的 Debian/Ubuntu 安装程序在 2018 年 5 月 31 日至 6 月 13 日期间被嵌入了恶意代码,导致供应链攻击。受感染的安装程序会在安装过程中将管理员密码(Base64 编码)和服务器域名泄露至外部 URL,同时植入 Linux/ChachaDDoS 多阶段 DDoS 僵尸网络木马。该木马使用 ChaCha 加密算法保护二阶段载荷,通过 Lua 解释器执行 DDoS 攻击任务,受感染服务器被用于发起大规模 SYN Flood DDoS 攻击。CWE-506 嵌入式恶意代码。"
15-
published = "2025-10-14"
16-
updated = "2025-10-14"
17-
severity = "CRITICAL"
18-
score = 9.3
19-
sources = ["avd", "nvd", "vulncheck"]
20-
21-
[remediation]
22-
fix = "立即更换所有 VestaCP 管理员密码,重新从官方源安装未受感染的 VestaCP 版本(commit ee03eff 之后),并扫描服务器是否存在 Linux/ChachaDDoS 木马。"
23-
steps = [
24-
"确认安装时间是否在 2018-05-31 至 2018-06-13 之间",
25-
"检查 /usr/bin/dhcprenew 或 /etc/init.d/dhcprenew 等恶意文件是否存在",
26-
"使用 ESET 检测工具扫描 Linux/ChachaDDoS 木马(检测名 Linux/Xorddos.Q/R)",
27-
"更改 VestaCP admin 密码及服务器所有账户密码",
28-
"从 GitHub 重新拉取修复后的 VestaCP 源码(commit >= ee03eff)并重新安装",
29-
"检查服务器是否被用于发起 DDoS 流量(异常带宽使用)",
30-
]
31-
workaround = "如无法立即重装,建议关闭 VestaCP 的远程管理接口,限制出站流量,并监控 /var/tmp 目录的可疑文件。"
32-
33-
[score]
34-
cvss_v2 = 0.0
35-
cvss_v2_vector = ""
36-
cvss_v3 = 0.0
37-
cvss_v3_vector = ""
38-
cvss_v4 = 9.3
39-
cvss_v4_vector = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N"
40-
41-
[authenticity]
42-
cve_confidence = "high"
43-
poc_confidence = "confirmed"
44-
notes = "CVE-2018-25117 于 2025 年 10 月由 VulnCheck 正式分配并公开。该漏洞为 VestaCP 安装程序被植入恶意代码的供应链攻击事件,ESET 于 2018 年 10 月发布详细分析报告并公开解密脚本。VestaCP 官方论坛承认被入侵。CVSS v4.0 评分 9.3(CRITICAL),CISA ADP 评估利用可能性为 PoC、技术影响为 total。"
45-
46-
[references]
47-
nvd = "https://nvd.nist.gov/vuln/detail/CVE-2018-25117"
48-
avd = "https://avd.aliyun.com/detail?id=CVE-2018-25117"
49-
other = [
50-
"https://github.com/outroll/vesta",
51-
"https://github.com/outroll/vesta/commit/a3f0fa1501d424477786e3e7150bb05c0b99518f",
52-
"https://github.com/outroll/vesta/commit/ee03eff016e03cb76fac7ae3a0f9d1ef0f8ee35b",
53-
"https://www.vulncheck.com/advisories/vestacp-debian-installer-malicious-backdoor-supply-chain-compromise",
54-
"https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-installed/",
55-
"https://forum.vestacp.com/viewtopic.php?f=10&t=17641&p=73282",
56-
"https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73907",
57-
]
2+
description = ""
3+
published = ""
4+
remediation = "Refer to vendor advisory and upgrade to fixed version."
5+
score = 0.0
6+
severity = "UNKNOWN"
7+
sources = ["avd"]
8+
title = "CVE-2018-25117 漏洞"
9+
updated = ""
5810

5911
[exploit]
60-
poc = [
61-
{url = "https://github.com/eset/malware-research/blob/master/chachaddos/decrypt_second_stage.py", description = "ESET 发布的 Linux/ChachaDDoS 二阶段载荷 ChaCha 解密脚本", source = "ESET"},
62-
]
63-
exp = []
64-
nuclei_templates = []
12+
exp_urls = []
13+
poc_urls = []
14+
15+
[id]
16+
aliases = ["CVE-2018-25117"]
17+
ave_id = "AVE-2018-0046"
18+
cve_id = "CVE-2018-25117"
6519

6620
[meta]
67-
collected_at = "2026-07-11T00:00:00Z"
21+
collected_at = "2026-07-11T00:44:19.829681998+00:00"
6822
status = "completed"
6923

70-
[tags]
71-
tags = [
72-
"CWE-506",
73-
"供应链攻击",
74-
"Supply Chain",
75-
"后门",
76-
"Backdoor",
77-
"DDoS",
78-
"ChachaDDoS",
79-
"VestaCP",
80-
"Linux",
81-
"恶意代码",
82-
"Embedded Malicious Code",
83-
]
24+
[references]
25+
urls = []

0 commit comments

Comments
 (0)