当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-078088

漏洞标题:某省会城市政府官方域名DNS域传送

相关厂商:哈尔滨

漏洞作者: Ev1l

提交时间:2014-10-02 10:05

修复时间:2014-11-16 10:06

公开时间:2014-11-16 10:06

漏洞类型:系统/服务运维配置不当

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-10-02: 细节已通知厂商并且等待厂商处理中
2014-10-11: 厂商已经确认,细节仅向厂商公开
2014-10-21: 细节向核心白帽子及相关领域专家公开
2014-10-31: 细节向普通白帽子公开
2014-11-10: 细节向实习白帽子公开
2014-11-16: 细节向公众公开

简要描述:

了解到了这个问题之后就简单写了个小程序 把成果发出来

详细说明:

harbin.gov.cn

漏洞证明:

> ls harbin.gov.cn
[dns.harbin.gov.cn]
harbin.gov.cn. NS server = dns.harbin.gov.cn
#ajb A 61.158.105.83
#by A 61.158.105.84
#cdo A 61.158.105.97
#du A 61.158.105.41
#ero A 61.158.105.89
#fao A 61.158.105.38
#fpc A 218.10.232.26
#ftec A 61.158.105.44
#gab A 61.158.105.34
#hb A 221.208.80.238
#hb A 221.208.87.172
#iib A 61.158.105.87
#lso A 61.158.105.71
#sat A 61.158.105.96
#ta A 61.158.105.27
#ta A 61.158.105.98
#tb A 61.158.99.142
#tsq A 61.158.105.60
#vte A 61.158.105.94
#wsjtjxx A 221.208.80.236
#wtxb A 61.158.105.82
#wtxb1 A 61.158.105.82
ab A 61.158.105.53
achengzfw A 61.158.105.240
asb A 61.158.105.71
bayanzfw A 61.158.105.240
bgt A 61.158.105.162
bingdeng A 61.158.105.74
binxianzfw A 61.158.105.240
btb A 61.158.105.57
bxt A 61.158.105.86
cb A 61.158.105.117
cdo A 61.158.105.72
daolizfw A 61.158.105.240
daowaizfw A 61.158.105.240
dayou A 61.158.105.29
dev A 61.158.105.45
dns A 61.158.105.47
dqw A 218.10.232.41
dx2 A 61.158.105.113
dx3 A 61.158.105.209
fangzhengzfw A 61.158.105.240
fb A 61.158.105.77
fgw A 61.158.99.208
fx A 61.158.105.4
fz A 61.158.105.100
gbjd A 61.158.105.159
gcjs A 61.158.105.180
hd A 61.158.105.93
hjjk A 61.158.105.123
hrbzfwyh A 61.158.105.240
hulanzfw A 61.158.105.240
iem A 61.158.105.102
jf A 61.158.105.84
jfb A 61.158.105.131
jfztc A 61.158.105.85
jk A 61.158.105.101
jk1 A 61.158.105.101
jk2 A 61.158.105.103
jk3 A 61.158.105.113
lb A 61.158.105.70
mab A 61.158.105.76
mail A 61.158.105.11
mailgateway A 61.158.105.23
mho A 61.158.105.49
mulanzfw A 61.158.105.240
nangangzfw A 61.158.105.240
nrab A 61.158.99.161
os A 61.158.105.36
photo A 61.158.105.128
pingfangzfw A 61.158.105.240
postdoctor A 61.158.105.16
sbnd A 221.208.50.2
shangzhizfw A 61.158.105.240
shuangchengzfw A 61.158.105.240
sme A 125.211.218.71
so A 61.158.105.58
songbeizfw A 61.158.105.240
spjk A 61.158.105.122
sql A 61.158.105.223
swrz A 61.158.105.26
ta A 180.86.109.254
tb A 61.180.255.116
tdt A 61.158.105.50
test A 61.158.105.22
test1 A 61.158.105.35
th A 61.158.105.34
tonghezfw A 61.158.105.240
virtual A 61.158.105.10
web1 A 61.158.105.151
web2 A 61.158.105.152
web3 A 61.158.105.224
wsjtjxx A 221.208.87.163
wstjpt A 221.208.80.235
wuchangzfw A 61.158.105.240
wza A 119.10.10.75
wzcp A 61.158.105.39
xfj A 61.158.105.42
xiangfangzfw A 61.158.105.240
xwgl A 61.158.105.125
xzfwzx A 61.158.105.93
xzsp A 218.9.149.56
yanshouzfw A 61.158.105.240
yilanzfw A 61.158.105.240
zf A 61.158.105.166
zfwbgxt A 61.158.105.65
zhidy A 61.158.105.136
zwdt A 61.158.105.5
zwgk A 61.158.105.12
zwgkml A 61.158.105.50
zxft A 61.158.105.92

修复方案:

修复DNS安全设置

版权声明:转载请注明来源 Ev1l@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2014-10-11 10:29

厂商回复:

最新状态:

暂无


漏洞评价:

评论