当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2011-03193

漏洞标题:SAE新浪云后端任意文件读取漏洞

相关厂商:新浪

漏洞作者: 80sec

提交时间:2011-11-02 15:18

修复时间:2011-12-02 15:19

公开时间:2011-12-02 15:19

漏洞类型:任意文件遍历/下载

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2011-11-02: 细节已通知厂商并且等待厂商处理中
2011-11-02: 厂商已经确认,细节仅向厂商公开
2011-11-12: 细节向核心白帽子及相关领域专家公开
2011-11-22: 细节向普通白帽子公开
2011-12-02: 细节向实习白帽子公开
2011-12-02: 细节向公众公开

简要描述:

新浪SAE使用了一个不安全的第三方组件,可能导致任意读取后端的文件

详细说明:

http://pma.tools.sinaapp.com/
是一个mysql管理端,使用了phpmyadmin,根据最近80sec在wooyun上发布的phpmyadmin任意文件读取漏洞即可读取其他文件,同时由于该应用部署在比较敏感的后端上,不受沙盒限制

漏洞证明:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
sysmon:x:60422:60422::/nonexistent:/nologin
sshd:x:500:500::/home/sshd:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi-autoipd:x:100:104:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
www:x:80:80::/usr/local/sinasrv2:/sbin/nologin
mysql:x:3306:3306::/usr/local/mysql:/sbin/nologin
nagios:x:101:105:nagios:/var/log/nagios:/sbin/nologin
xiongjun:x:3307:3308::/usr/home/xiongjun:/bin/bash
yongri:x:3308:3309::/usr/home/yongri:/bin/bash
xiaoyue1:x:3309:3310::/usr/home/xiaoyue1:/bin/bash
pengjie:x:3310:3311::/usr/home/pengjie:/bin/bash
weiliang:x:3311:3312::/usr/home/weiliang:/bin/bash
wangliang4:x:3312:3313::/usr/home/wangliang4:/bin/bash
yuli3:x:3313:3314::/usr/home/yuli3:/bin/bash
leilei3:x:3315:3316::/usr/home/leilei3:/bin/bash
xixi1:x:3316:3317::/usr/home/xixi1:/bin/bash
001ee000-00281000 r-xp 00000000 fd:01 83285      /usr/lib/libkrb5.so.3.3
00281000-00284000 rw-p 00092000 fd:01 83285      /usr/lib/libkrb5.so.3.3
002ba000-002df000 r-xp 00000000 fd:01 83284      /usr/lib/libk5crypto.so.3.1
002df000-002e0000 rw-p 00025000 fd:01 83284      /usr/lib/libk5crypto.so.3.1
00364000-00391000 r-xp 00000000 fd:01 83286      /usr/lib/libgssapi_krb5.so.2.2
00391000-00392000 rw-p 0002d000 fd:01 83286      /usr/lib/libgssapi_krb5.so.2.2
00394000-003b3000 r-xp 00000000 fd:01 1757638    /lib/libexpat.so.0.5.0
003b3000-003b5000 rw-p 0001e000 fd:01 1757638    /lib/libexpat.so.0.5.0
003b7000-004e3000 r-xp 00000000 fd:01 75901      /usr/lib/libxml2.so.2.6.26
004e3000-004e8000 rw-p 0012c000 fd:01 75901      /usr/lib/libxml2.so.2.6.26
004e8000-004e9000 rw-p 00000000 00:00 0 
00606000-00620000 r-xp 00000000 fd:01 1757619    /lib/ld-2.5.so
00620000-00621000 r--p 00019000 fd:01 1757619    /lib/ld-2.5.so
00621000-00622000 rw-p 0001a000 fd:01 1757619    /lib/ld-2.5.so
00629000-00768000 r-xp 00000000 fd:01 1757620    /lib/libc-2.5.so
00768000-0076a000 r--p 0013f000 fd:01 1757620    /lib/libc-2.5.so
0076a000-0076b000 rw-p 00141000 fd:01 1757620    /lib/libc-2.5.so
0076b000-0076e000 rw-p 00000000 00:00 0 
00770000-00772000 r-xp 00000000 fd:01 1755873    /lib/libdl-2.5.so
00772000-00773000 r--p 00001000 fd:01 1755873    /lib/libdl-2.5.so
00773000-00774000 rw-p 00002000 fd:01 1755873    /lib/libdl-2.5.so
00776000-0079b000 r-xp 00000000 fd:01 1757630    /lib/libm-2.5.so
0079b000-0079c000 r--p 00024000 fd:01 1757630    /lib/libm-2.5.so
0079c000-0079d000 rw-p 00025000 fd:01 1757630    /lib/libm-2.5.so
0079f000-007b2000 r-xp 00000000 fd:01 1757623    /lib/libpthread-2.5.so
007b2000-007b3000 r--p 00013000 fd:01 1757623    /lib/libpthread-2.5.so
007b3000-007b4000 rw-p 00014000 fd:01 1757623    /lib/libpthread-2.5.so
007b4000-007b6000 rw-p 00000000 00:00 0 
007b8000-007ca000 r-xp 00000000 fd:01 70077      /usr/lib/libz.so.1.2.3
007ca000-007cb000 rw-p 00011000 fd:01 70077      /usr/lib/libz.so.1.2.3
007cd000-007d4000 r-xp 00000000 fd:01 1757624    /lib/librt-2.5.so
007d4000-007d5000 r--p 00006000 fd:01 1757624    /lib/librt-2.5.so
007d5000-007d6000 rw-p 00007000 fd:01 1757624    /lib/librt-2.5.so
007d8000-00813000 r-xp 00000000 fd:01 1757632    /lib/libsepol.so.1
00813000-00814000 rw-p 0003b000 fd:01 1757632    /lib/libsepol.so.1
00814000-0081e000 rw-p 00000000 00:00 0 
00820000-00836000 r-xp 00000000 fd:01 1757633    /lib/libselinux.so.1
00836000-00838000 rw-p 00015000 fd:01 1757633    /lib/libselinux.so.1
0083a000-00875000 r-xp 00000000 fd:01 69524      /usr/lib/libcurl.so.3.0.0
00875000-00876000 rw-p 0003b000 fd:01 69524      /usr/lib/libcurl.so.3.0.0
00929000-00a53000 r-xp 00000000 fd:01 1757639    /lib/libcrypto.so.0.9.8e
00a53000-00a66000 rw-p 00129000 fd:01 1757639    /lib/libcrypto.so.0.9.8e
00a66000-00a6a000 rw-p 00000000 00:00 0 
00a6c000-00a75000 r-xp 00000000 fd:01 1755716    /lib/libcrypt-2.5.so
00a75000-00a76000 r--p 00008000 fd:01 1755716    /lib/libcrypt-2.5.so
00a76000-00a77000 rw-p 00009000 fd:01 1755716    /lib/libcrypt-2.5.so
00a77000-00a9e000 rw-p 00000000 00:00 0 
00d05000-00d18000 r-xp 00000000 fd:01 1757627    /lib/libnsl-2.5.so
00d18000-00d19000 r--p 00012000 fd:01 1757627    /lib/libnsl-2.5.so
00d19000-00d1a000 rw-p 00013000 fd:01 1757627    /lib/libnsl-2.5.so
00d1a000-00d1c000 rw-p 00000000 00:00 0 
00d6e000-00d7d000 r-xp 00000000 fd:01 1757642    /lib/libresolv-2.5.so
00d7d000-00d7e000 r--p 0000e000 fd:01 1757642    /lib/libresolv-2.5.so
00d7e000-00d7f000 rw-p 0000f000 fd:01 1757642    /lib/libresolv-2.5.so
00d7f000-00d81000 rw-p 00000000 00:00 0 
00d83000-00d85000 r-xp 00000000 fd:01 1757641    /lib/libkeyutils-1.2.so
00d85000-00d86000 rw-p 00001000 fd:01 1757641    /lib/libkeyutils-1.2.so
00d88000-00d8a000 r-xp 00000000 fd:01 1757643    /lib/libcom_err.so.2.1
00d8a000-00d8b000 rw-p 00001000 fd:01 1757643    /lib/libcom_err.so.2.1
00de7000-00def000 r-xp 00000000 fd:01 83283      /usr/lib/libkrb5support.so.0.1
00def000-00df0000 rw-p 00007000 fd:01 83283      /usr/lib/libkrb5support.so.0.1
03004000-03047000 r-xp 00000000 fd:01 1757644    /lib/libssl.so.0.9.8e
03047000-0304b000 rw-p 00042000 fd:01 1757644    /lib/libssl.so.0.9.8e
08048000-080a2000 r-xp 00000000 fd:01 586304     /usr/local/sinasrv2/sbin/httpd
080a2000-080a5000 rw-p 00059000 fd:01 586304     /usr/local/sinasrv2/sbin/httpd
080a5000-080a8000 rw-p 00000000 00:00 0 
09c1f000-0a1e7000 rw-p 00000000 00:00 0          [heap]
4c49e000-4c5bf000 r-xp 00000000 fd:01 585977     /usr/lib/mysql/libmysqlclient.so.15.0.0
4c5bf000-4c601000 rw-p 00120000 fd:01 585977     /usr/lib/mysql/libmysqlclient.so.15.0.0
4c601000-4c602000 rw-p 00000000 00:00 0 
b6cdf000-b6d60000 rw-p 00000000 00:00 0 
b6d60000-b6d6e000 r-xp 00000000 fd:01 70416      /usr/lib/libmagic.so.1.0.0
b6d6e000-b6d6f000 rw-p 0000e000 fd:01 70416      /usr/lib/libmagic.so.1.0.0
b6d6f000-b6d7d000 r-xp 00000000 fd:01 83701      /usr/local/lib/libsvn_diff-1.so.0.0.0
b6d7d000-b6d7e000 rw-p 0000e000 fd:01 83701      /usr/local/lib/libsvn_diff-1.so.0.0.0
b6d7e000-b6d88000 r-xp 00000000 fd:01 83624      /usr/local/lib/libsvn_delta-1.so.0.0.0
b6d88000-b6d89000 rw-p 00009000 fd:01 83624      /usr/local/lib/libsvn_delta-1.so.0.0.0
b6d89000-b6dc6000 r-xp 00000000 fd:01 83680      /usr/local/lib/libsvn_ra_neon-1.so.0.0.0
b6dc6000-b6dc8000 rw-p 0003d000 fd:01 83680      /usr/local/lib/libsvn_ra_neon-1.so.0.0.0
b6dc8000-b6de0000 r-xp 00000000 fd:01 83294      /usr/lib/libsasl2.so.2.0.22
b6de0000-b6de1000 rw-p 00017000 fd:01 83294      /usr/lib/libsasl2.so.2.0.22
b6de1000-b6df4000 r-xp 00000000 fd:01 83654      /usr/local/lib/libsvn_ra_svn-1.so.0.0.0
b6df4000-b6df5000 rw-p 00012000 fd:01 83654      /usr/local/lib/libsvn_ra_svn-1.so.0.0.0
b6df5000-b6e19000 r-xp 00000000 fd:01 83644      /usr/local/lib/libsvn_fs_fs-1.so.0.0.0
b6e19000-b6e1a000 rw-p 00024000 fd:01 83644      /usr/local/lib/libsvn_fs_fs-1.so.0.0.0
b6e1a000-b6e20000 r-xp 00000000 fd:01 83676      /usr/local/lib/libsvn_ra_local-1.so.0.0.0
b6e20000-b6e21000 rw-p 00005000 fd:01 83676      /usr/local/lib/libsvn_ra_local-1.so.0.0.0
b6e21000-b6e2a000 r-xp 00000000 fd:01 83688      /usr/local/lib/libsvn_ra-1.so.0.0.0
b6e2a000-b6e2b000 rw-p 00008000 fd:01 83688      /usr/local/lib/libsvn_ra-1.so.0.0.0
b6e2b000-b6ea7000 r-xp 00000000 fd:01 83690      /usr/local/lib/libsvn_wc-1.so.0.0.0
b6ea7000-b6ea9000 rw-p 0007b000 fd:01 83690      /usr/local/lib/libsvn_wc-1.so.0.0.0
b6ea9000-b6f66000 r-xp 00000000 fd:01 83619      /usr/local/lib/libsvn_subr-1.so.0.0.0
b6f66000-b6f6a000 rw-p 000bc000 fd:01 83619      /usr/local/lib/libsvn_subr-1.so.0.0.0
b6f6a000-b6f91000 r-xp 00000000 fd:01 83663      /usr/local/lib/libsvn_repos-1.so.0.0.0
b6f91000-b6f92000 rw-p 00026000 fd:01 83663      /usr/local/lib/libsvn_repos-1.so.0.0.0
b6f92000-b6f97000 r-xp 00000000 fd:01 83649      /usr/local/lib/libsvn_fs-1.so.0.0.0
b6f97000-b6f98000 rw-p 00005000 fd:01 83649      /usr/local/lib/libsvn_fs-1.so.0.0.0
b6f98000-b6fe5000 r-xp 00000000 fd:01 83702      /usr/local/lib/libsvn_client-1.so.0.0.0
b6fe5000-b6fe6000 rw-p 0004c000 fd:01 83702      /usr/local/lib/libsvn_client-1.so.0.0.0
b6ff1000-b6fff000 r-xp 00000000 fd:01 618514     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/svn.so
b6fff000-b7000000 rw-p 0000d000 fd:01 618514     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/svn.so
b7000000-b7022000 r-xp 00000000 fd:01 618517     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/dav.so
b7022000-b7023000 rw-p 00021000 fd:01 618517     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/dav.so
b7023000-b702b000 r-xp 00000000 fd:01 618361     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/sockets.so
b702b000-b702c000 rw-p 00007000 fd:01 618361     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/sockets.so
b702c000-b703d000 r-xp 00000000 fd:01 587563     /usr/local/sinasrv2/lib/libmemcached.so.2.0.0
b703d000-b703e000 rw-p 00010000 fd:01 587563     /usr/local/sinasrv2/lib/libmemcached.so.2.0.0
b703e000-b7048000 r-xp 00000000 fd:01 618382     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/memcached.so
b7048000-b704a000 rw-p 0000a000 fd:01 618382     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/memcached.so
b704a000-b7055000 r-xp 00000000 fd:01 618512     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/memcache.so
b7055000-b7056000 rw-p 0000a000 fd:01 618512     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/memcache.so
b7056000-b7086000 r-xp 00000000 fd:01 79006      /usr/lib/libidn.so.11.5.19
b7086000-b7087000 rw-p 0002f000 fd:01 79006      /usr/lib/libidn.so.11.5.19
b7087000-b7093000 r-xp 00000000 fd:01 618343     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/curl.so
b7093000-b7094000 rw-p 0000c000 fd:01 618343     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/curl.so
b7094000-b709a000 r-xp 00000000 fd:01 83322      /usr/lib/libltdl.so.3.1.4
b709a000-b709b000 rw-p 00005000 fd:01 83322      /usr/lib/libltdl.so.3.1.4
b709b000-b70c2000 r-xp 00000000 fd:01 587550     /usr/local/sinasrv2/lib/libmcrypt.so.4.4.8
b70c2000-b70c5000 rw-p 00027000 fd:01 587550     /usr/local/sinasrv2/lib/libmcrypt.so.4.4.8
b70c5000-b70ca000 rw-p 00000000 00:00 0 
b70ce000-b70d4000 r-xp 00000000 fd:01 618350     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/json.so
b70d4000-b70d5000 rw-p 00005000 fd:01 618350     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/json.so
b70d5000-b7293000 r-xp 00000000 fd:01 618352     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/mbstring.so
b7293000-b7295000 rw-p 001be000 fd:01 618352     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/mbstring.so
b7295000-b7495000 r--p 00000000 fd:01 69201      /usr/lib/locale/locale-archive
b74b4000-b74b8000 r-xp 00000000 fd:01 1755686    /lib/libnss_dns-2.5.so
b74b8000-b74b9000 r--p 00003000 fd:01 1755686    /lib/libnss_dns-2.5.so
b74b9000-b74ba000 rw-p 00004000 fd:01 1755686    /lib/libnss_dns-2.5.so
b74c5000-b74cc000 r--s 00000000 fd:01 162820     /usr/lib/gconv/gconv-modules.cache
b74cc000-b74d6000 rw-s 00000000 00:04 142181832  /dev/zero (deleted)
b74d6000-b74df000 r-xp 00000000 fd:01 1755688    /lib/libnss_files-2.5.so
b74df000-b74e0000 r--p 00008000 fd:01 1755688    /lib/libnss_files-2.5.so
b74e0000-b74e1000 rw-p 00009000 fd:01 1755688    /lib/libnss_files-2.5.so
b74e2000-b74e3000 r-xp 00000000 fd:01 83629      /usr/local/lib/libsvn_fs_util-1.so.0.0.0
b74e3000-b74e4000 rw-p 00000000 fd:01 83629      /usr/local/lib/libsvn_fs_util-1.so.0.0.0
b74e4000-b74eb000 r-xp 00000000 fd:01 618353     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/mcrypt.so
b74eb000-b74ec000 rw-p 00006000 fd:01 618353     /usr/local/sinasrv2/lib/php/extensions/no-debug-non-zts-20060613/mcrypt.so
b74ec000-b74ee000 r-xp 00000000 fd:01 585978     /usr/local/sinasrv2/lib/httpd/modules/mod_extract_forwarded.so
b74ee000-b74ef000 rw-p 00002000 fd:01 585978     /usr/local/sinasrv2/lib/httpd/modules/mod_extract_forwarded.so
b74ef000-b74f5000 r-xp 00000000 fd:01 586272     /usr/local/sinasrv2/lib/httpd/modules/mod_proxy_http.so
b74f5000-b74f6000 rw-p 00006000 fd:01 586272     /usr/local/sinasrv2/lib/httpd/modules/mod_proxy_http.so
b74f6000-b7506000 r-xp 00000000 fd:01 586267     /usr/local/sinasrv2/lib/httpd/modules/mod_proxy.so
b7506000-b7507000 rw-p 0000f000 fd:01 586267     /usr/local/sinasrv2/lib/httpd/modules/mod_proxy.so
b7507000-b7806000 r-xp 00000000 fd:01 587586     /usr/local/sinasrv2/lib/httpd/modules/libphp5.so
b7806000-b781e000 rw-p 002fe000 fd:01 587586     /usr/local/sinasrv2/lib/httpd/modules/libphp5.so
b781e000-b7823000 rw-p 00000000 00:00 0 
b7823000-b782f000 r-xp 00000000 fd:01 586275     /usr/local/sinasrv2/lib/httpd/modules/mod_rewrite.so
b782f000-b7830000 rw-p 0000b000 fd:01 586275     /usr/local/sinasrv2/lib/httpd/modules/mod_rewrite.so
b7830000-b7832000 r-xp 00000000 fd:01 586221     /usr/local/sinasrv2/lib/httpd/modules/mod_alias.so
b7832000-b7833000 rw-p 00001000 fd:01 586221     /usr/local/sinasrv2/lib/httpd/modules/mod_alias.so
b7833000-b7836000 r-xp 00000000 fd:01 586264     /usr/local/sinasrv2/lib/httpd/modules/mod_mime.so
b7836000-b7837000 rw-p 00002000 fd:01 586264     /usr/local/sinasrv2/lib/httpd/modules/mod_mime.so
b7837000-b7839000 r-xp 00000000 fd:01 586276     /usr/local/sinasrv2/lib/httpd/modules/mod_setenvif.so
b7839000-b783a000 rw-p 00001000 fd:01 586276     /usr/local/sinasrv2/lib/httpd/modules/mod_setenvif.so
b783a000-b783d000 r-xp 00000000 fd:01 586254     /usr/local/sinasrv2/lib/httpd/modules/mod_headers.so
b783d000-b783e000 rw-p 00002000 fd:01 586254     /usr/local/sinasrv2/lib/httpd/modules/mod_headers.so
b783e000-b7842000 r-xp 00000000 fd:01 586279     /usr/local/sinasrv2/lib/httpd/modules/mod_status.so
b7842000-b7843000 rw-p 00004000 fd:01 586279     /usr/local/sinasrv2/lib/httpd/modules/mod_status.so
b7843000-b7847000 r-xp 00000000 fd:01 586260     /usr/local/sinasrv2/lib/httpd/modules/mod_log_config.so
b7847000-b7848000 rw-p 00003000 fd:01 586260     /usr/local/sinasrv2/lib/httpd/modules/mod_log_config.so
b7848000-b784c000 r-xp 00000000 fd:01 586245     /usr/local/sinasrv2/lib/httpd/modules/mod_deflate.so
b784c000-b784d000 rw-p 00003000 fd:01 586245     /usr/local/sinasrv2/lib/httpd/modules/mod_deflate.so
b784d000-b7856000 r-xp 00000000 fd:01 586257     /usr/local/sinasrv2/lib/httpd/modules/mod_include.so
b7856000-b7857000 rw-p 00008000 fd:01 586257     /usr/local/sinasrv2/lib/httpd/modules/mod_include.so
b7857000-b785b000 rw-p 00000000 00:00 0 
b785b000-b785e000 r-xp 00000000 fd:01 1757628    /lib/libuuid.so.1.2
b785e000-b785f000 rw-p 00003000 fd:01 1757628    /lib/libuuid.so.1.2
b785f000-b7884000 r-xp 00000000 fd:01 586291     /usr/local/sinasrv2/lib/libapr-1.so.0.4.2
b7884000-b7885000 rw-p 00024000 fd:01 586291     /usr/local/sinasrv2/lib/libapr-1.so.0.4.2
b7885000-b7886000 rw-p 00000000 00:00 0 
b7886000-b78a3000 r-xp 00000000 fd:01 586296     /usr/local/sinasrv2/lib/libaprutil-1.so.0.3.9
b78a3000-b78a4000 rw-p 0001d000 fd:01 586296     /usr/local/sinasrv2/lib/libaprutil-1.so.0.3.9
b78a4000-b78a5000 rw-p 00000000 00:00 0 
b78a5000-b78a6000 r-xp 00000000 fd:01 586246     /usr/local/sinasrv2/lib/httpd/modules/mod_dir.so
b78a6000-b78a7000 rw-p 00000000 fd:01 586246     /usr/local/sinasrv2/lib/httpd/modules/mod_dir.so
b78a7000-b78a8000 r-xp 00000000 fd:01 586249     /usr/local/sinasrv2/lib/httpd/modules/mod_env.so
b78a8000-b78a9000 rw-p 00000000 fd:01 586249     /usr/local/sinasrv2/lib/httpd/modules/mod_env.so
b78a9000-b78ac000 r-xp 00000000 fd:01 586253     /usr/local/sinasrv2/lib/httpd/modules/mod_filter.so
b78ac000-b78ad000 rw-p 00002000 fd:01 586253     /usr/local/sinasrv2/lib/httpd/modules/mod_filter.so
b78ad000-b78af000 r-xp 00000000 fd:01 586234     /usr/local/sinasrv2/lib/httpd/modules/mod_authz_host.so
b78af000-b78b0000 rw-p 00001000 fd:01 586234     /usr/local/sinasrv2/lib/httpd/modules/mod_authz_host.so
b78b0000-b78b1000 r-xp 00000000 00:00 0          [vdso]
bfad5000-bfaf6000 rw-p 00000000 00:00 0          [stack]

修复方案:

修改限制一些功能或者等待补丁

版权声明:转载请注明来源 80sec@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2011-11-02 15:34

厂商回复:

多谢提供,正在处理中

最新状态:

暂无

漏洞评价:

评论

  1. 2011-11-03 11:57 | 疯狗 认证白帽子 ( 实习白帽子 | Rank:44 漏洞数:2 | 阅尽天下漏洞,心中自然无码。)

    你这个泄了点敏感的东西哦