v1.5.40
版本发布时间: 2023-06-21 02:32:26
BishopFox/sliver最新发布版本:v1.5.42(2024-02-29 04:00:27)
⚠️ Backwards incompatible changes ⚠️
This release fixes a vulnerability (CVE-2023-34758) in the Sliver Key Encapsulation Mechanism (KEM), where improper use of Nacl Box (libsodium) could allow a MitM attacker with a copy of the implant binary to recover the session key and arbitrarily encrypt/decrypt C2 messages. Note that the Sliver KEM is only used over insecure protocols such as HTTP and DNS, and does not affect mTLS or Wireguard.
The issue was addressed by switching to a combination age for the KEM and HMAC-SHA2-256 to verify the implant.
More details: https://github.com/BishopFox/sliver/security/advisories/GHSA-8jxm-xp43-qh3q
Special thanks to Ting-Wei Hsieh from CHT Security Co. Ltd. for reporting the vulnerability.
1、 sliver-client_linux 34.82MB
2、 sliver-client_linux.sig 566B
3、 sliver-client_macos 37.84MB
4、 sliver-client_macos-arm64 36.97MB
5、 sliver-client_macos-arm64.sig 566B
6、 sliver-client_macos.sig 566B
7、 sliver-client_windows.exe 34.48MB
8、 sliver-client_windows.sig 566B
9、 sliver-server_linux 160.8MB
10、 sliver-server_linux.sig 566B
11、 sliver-server_macos 164.53MB
12、 sliver-server_macos-arm64 160.87MB
13、 sliver-server_macos-arm64.sig 566B
14、 sliver-server_macos.sig 566B
15、 sliver-server_windows.exe 168.88MB
16、 sliver-server_windows.sig 566B