当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0119852

漏洞标题:乐视网Docker WEB管理界面弱口令导致docker容器沦陷

相关厂商:乐视网

漏洞作者: zph

提交时间:2015-06-11 19:10

修复时间:2015-07-26 19:54

公开时间:2015-07-26 19:54

漏洞类型:后台弱口令

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-06-11: 细节已通知厂商并且等待厂商处理中
2015-06-11: 厂商已经确认,细节仅向厂商公开
2015-06-21: 细节向核心白帽子及相关领域专家公开
2015-07-01: 细节向普通白帽子公开
2015-07-11: 细节向实习白帽子公开
2015-07-26: 细节向公众公开

简要描述:

来个关于Docker的案例~

详细说明:

url:http://123.125.89.227:8080/
shipyard默认密码未修改:admin/shipyard

1.png


2.png


3.png


容器:

ID	Name	CPUs	Memory	State	Type
d41cb052aca9 10.160.140.32:5000/base-release:latest 2048 MB running
38cc9870feaa 10.160.140.32:5000/base-release:latest 2048 MB running
110a64c78b6d 10.160.140.32:5000/base-release:latest 2048 MB running
7c0f6b4323d3 10.160.140.32:5000/base-release:latest 2048 MB running
e6d47c8aaec1 10.160.140.32:5000/base-release:latest 2048 MB running
9829ca39e9a4 10.160.140.32:5000/base-release:latest 2048 MB running
1a68d70a3cd4 10.160.140.32:5000/base-release:latest 2048 MB running
f0b6cd6372e7 shipyard/shipyard-cli:latest 2048 MB running
dfaa1310351d shipyard/shipyard:latest 2048 MB running
49c54d1cddc1 shipyard/rethinkdb:latest 2048 MB running
e7338916d358 10.160.140.32:5000/base-release:latest 2048 MB running
990f2cc79dd4 10.160.140.32:5000/base-release:latest 2048 MB running
fddbdcf169ca ubuntu:14.04 2048 MB running
a5e1d29f0b2e 10.126.88.240:5000/letv-centos6:latest 2048 MB running
f91a9c9ed589 10.126.88.240:5000/letv-centos6:latest 2048 MB running
af25a535ef99 10.126.88.240:5000/letv-centos6:latest 2048 MB running
2d113c605a17 10.160.140.32:5000/base-release:latest 2048 MB running
d86c25ac5202 10.160.140.32:5000/base-release:latest 2048 MB running
f64f09be41eb 10.160.140.32:5000/base-release:latest 2048 MB stopped
c77237c97645 10.160.140.32:5000/base-release:latest 2048 MB stopped
e0b9b20adc57 10.160.140.32:5000/base-release:latest 2048 MB running
1888671935b7 10.160.140.32:5000/base-release:latest 2048 MB running
ac816d934b93 10.160.140.32:5000/base-release:latest 2048 MB running
24c6e3bd0568 10.160.140.32:5000/base-release:latest 2048 MB running
8b29001f2526 10.160.140.32:5000/base-release:latest 2048 MB running
4dfd461b85d7 8639568066a8 2048 MB stopped
9e2ac9d28316 10.160.140.32:5000/base-release:latest 2048 MB running
5e37f0da145c c041175b1d1b 2048 MB running
3494968ab714 874a6de806e3 2048 MB running
86995f36c9de 874a6de806e3 2048 MB stopped
097f3f26b950 874a6de806e3 2048 MB stopped
8ec754f74f67 874a6de806e3 2048 MB stopped
7ed4328afcc7 4740c88b2633 2048 MB stopped
4e7c16bd4088 4740c88b2633 2048 MB stopped
bffde9231556 4740c88b2633 2048 MB stopped
3bd51721a791 4740c88b2633 2048 MB stopped
e64685bc6497 4740c88b2633 2048 MB stopped
47d67fe0c2df 093798067c73 2048 MB stopped
4adf421c1f11 10.160.140.32:5000/sdns-image:v0.1-beta-47-g75b0060 2048 MB running
8331a52843f3 10.160.140.32:5000/base-release:latest 2048 MB running
192c61b35dc8 10.160.140.32:5000/base-release:latest 2048 MB running
367bf37cbfe1 10.160.140.32:5000/base-release:latest 2048 MB running
826538e3c33b 10.160.140.32:5000/base-release:latest 2048 MB running
81b06adf7cdf borja/unixbench:latest 2048 MB stopped
46bdd9c329d8 borja/unixbench:latest 2048 MB stopped
05e7c345daa2 10.160.140.32:5000/base-release:latest 0.96 256 MB stopped unique
7a5e284f1c92 10.160.140.32:5000/base-release:latest 0.96 256 MB stopped service
57252add87c8 10.160.140.32:5000/base-release:latest 0.96 256 MB stopped service
806d9277dc33 10.160.140.32:5000/base-release:latest 2048 MB running
e41f56772412 docker_index:latest 2048 MB running
a98bb094bc4f dockerfile/redis:latest 2048 MB running
c0d21a2e9c43 registry:0.8.1 2048 MB running


可create

4.png

漏洞证明:

1.png

修复方案:

修改弱口令,增强安全意识,没特殊必要的情况下平台不要对外网开放

版权声明:转载请注明来源 zph@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:7

确认时间:2015-06-11 19:53

厂商回复:

感谢提交!是测试系统,目前已做下线处理。^_^

最新状态:

暂无


漏洞评价:

评论

  1. 2015-06-11 22:41 | 我是壮丁 认证白帽子 ( 路人 | Rank:10 漏洞数:1 | 专业打酱油)

    。。。。。。。。

  2. 2015-07-26 20:50 | sutdy ( 普通白帽子 | Rank:101 漏洞数:33 | 0.0)

    。。。。。。。。。