
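Vulnerability summary

Bug ID: wooyun-2010-0745

Title: Zhengtu Network (征途网络) DNS zone transfer vulnerability

Vendor: Giant Network (巨人网络)

Author: 结界师

Submitted: 2010-10-29 19:18

Fixed: 2010-11-01 12:01

Disclosed: 2010-11-01 12:01

Vulnerability type: sensitive network information disclosure

Severity: Medium

Self-assessed Rank: 10

Status: the vendor has been notified but ignored the vulnerability

Source: http://www.wooyun.org; for questions or help, contact [email protected]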



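Vulnerability details

Disclosure status:

2010-10-29: Details sent to the vendor; waiting for the vendor to respond
2010-11-01: The vendor actively ignored the vulnerability; details released to the public

Brief description:

Because Zhengtu Network's DNS server is misconfigured, the DNS records for all of its domain names are leaked, which may lead to further intrusion.

Detailed description:

Proof of concept: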

> server ns2.ztgame.com
Default Server: ns2.ztgame.com
Address: 125.39.175.125
> ls
Server: ns2.ztgame.com
Address: 125.39.175.125
DNS request timed out.
timeout was 2 seconds.
*** Request to ns2.ztgame.com timed-out
> ls ztgame.com
[ns2.ztgame.com]
ztgame.com. NS server = ns1.ztgame.com
ztgame.com. NS server = ns2.ztgame.com
>
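A zone that is handed to anyone who asks exposes every record in it, including any that point at internal address space. The following is an added example, not part of the original report: a zone owner can run it over a listing of their own zone, in the same `ls` layout, to find A records that resolve to RFC 1918 addresses. The sample zone, host names and addresses are constructed.

```python
import ipaddress
import re

# Constructed sample in the layout of an nslookup "ls" listing.
# Zone name, host names and addresses are made up for this example.
SAMPLE_LISTING = """\
[ns1.example.test]
 example.test.    NS     server = ns1.example.test
 example.test.    A      203.0.113.10
 www              A      203.0.113.11
 intranet         A      192.168.0.20
 build.dev        A      10.1.2.3
 vpn              A      203.0.113.12
 legacy           A      172.20.5.9
 broken           A      not-an-address
"""

# Explicit RFC 1918 ranges; ipaddress.is_private is broader than this
# (it also covers documentation ranges), so it is not used here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
A_LINE = re.compile(r"^\s*(\S+)\s+A\s+(\S+)\s*$")


def parse_a_records(listing):
    """Return (name, IPv4Address) for each well-formed A line."""
    records = []
    for line in listing.splitlines():
        m = A_LINE.match(line)
        if not m:
            continue  # server banner, NS lines, blank lines
        try:
            addr = ipaddress.IPv4Address(m.group(2))
        except ipaddress.AddressValueError:
            continue  # malformed address field: skip rather than fail
        records.append((m.group(1), addr))
    return records


def internal_records(listing):
    """A records in the listing that point into RFC 1918 space."""
    return [(name, str(addr)) for name, addr in parse_a_records(listing)
            if any(addr in net for net in RFC1918)]


if __name__ == "__main__":
    for name, addr in internal_records(SAMPLE_LISTING):
        print(f"public zone exposes internal address: {name} -> {addr}")
```

Records flagged this way belong in an internal-only view of the zone; restricting zone transfers to the secondary name servers is the separate fix for the listing itself.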

Remediation:

Copyright notice: when reposting, please credit the source 结界师@乌云 (WooYun)


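Vulnerability response

Vendor response:

Severity: no impact, ignored by vendor

Ignored at: 2010-11-01 12:01

Vendor reply:

Add supplementary notes on the vulnerability and the reasons for the rating

Vulnerability Rank: 10 (rated by WooYun)

Latest status:

None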


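Vulnerability comments:

Comments

  1. 2010-11-01 13:47 | cnyouker ( Regular white hat | Rank:134 Vulnerabilities:13 | root it)

    Something this important was actually actively ignored?

  2. 2010-11-01 13:49 | xsser, verified white hat ( Regular white hat | Rank:254 Vulnerabilities:18 | When I look back on everything again, will this world be all right?)

    So impressive.

  3. 2010-11-01 15:42 | 少帅 ( Trainee white hat | Rank:59 Vulnerabilities:14 )

    "No impact, ignored by vendor". That's just too awesome..

  4. 2010-11-01 16:17 | SpookZanG ( Regular white hat | Rank:113 Vulnerabilities:15 | I am... a... total, total newbie)

    This... ignored...

  5. 2010-11-01 18:52 | xsser, verified white hat ( Regular white hat | Rank:254 Vulnerabilities:18 | When I look back on everything again, will this world be all right?)

    They patched it after all, hahaha ~~

  6. 2010-11-02 16:07 | 结界师, verified white hat ( Regular white hat | Rank:564 Vulnerabilities:27 | Just another 结界师!)

    Fixed it quietly.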