Vulnerability summary

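Vulnerability ID: wooyun-2015-095483

Vulnerability title: OpenSSL vulnerability in the Yixing Government Affairs Hall

Related vendor: CNCERT (National Internet Emergency Center)

Vulnerability author: ucifer

Submitted: 2015-02-04 16:42

Fixed: 2015-03-21 16:44

Disclosed: 2015-03-21 16:44

Vulnerability type: System/service patches not applied in time

Severity: Medium

Self-assessed Rank: 6

Vulnerability status: Handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Vulnerability source: http://www.wooyun.org; for questions or help, contact [email protected]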


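Vulnerability details

Disclosure status:

2015-02-04: Details reported to the vendor; awaiting vendor handling
2015-02-09: Vendor has confirmed; details disclosed to the vendor only
2015-02-19: Details disclosed to core white hats and experts in related fields
2015-03-01: Details disclosed to regular white hats
2015-03-11: Details disclosed to trainee white hats
2015-03-21: Details disclosed to the public

Brief description:

As in the title.
http://www.yixing.gov.cn:443 is affected by the Heartbleed vulnerability.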

Detailed description:

[Screenshot: QQ截图20150203185030.png]

[Screenshot: QQ截图20150203185041.png]

Proof of vulnerability:

Received heartbeat response:

Fix:

Upgrade OpenSSL.

Copyright notice: when reposting, please credit the source ucifer@WooYun


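Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 7

Confirmed: 2015-02-09 14:27

Vendor reply:

CNVD confirmed and reproduced the reported situation; it has been passed to CNCERT for dispatch to the Jiangxi sub-center, which will coordinate follow-up handling with the organization that administers the website.

Latest status:

None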

