当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-096548

漏洞标题:香港建筑署、路政署dns域传送漏洞

相关厂商:cncert国家互联网应急中心

漏洞作者: 路人甲

提交时间:2015-02-12 11:01

修复时间:2015-03-29 11:02

公开时间:2015-03-29 11:02

漏洞类型:系统/服务运维配置不当

危害等级:高

自评Rank:12

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-02-12: 细节已通知厂商并且等待厂商处理中
2015-02-17: 厂商已经确认,细节仅向厂商公开
2015-02-27: 细节向核心白帽子及相关领域专家公开
2015-03-09: 细节向普通白帽子公开
2015-03-19: 细节向实习白帽子公开
2015-03-29: 细节向公众公开

简要描述:

香港建筑署、路政署,两个大署。。。看看多少数据:

详细说明:

1.建筑署:

F96E0E0B-F6E4-4A16-84DC-0E4A97F918EA.png


路政署:

CF7D61B0-481E-4D8D-879D-033BFB9356A6.png


漏洞证明:

2泄露信息:
建筑暑:

; <<>> DiG 9.8.3-P1 <<>> @ns3.archsd.gov.hk. axfr archsd.gov.hk
; (1 server found)
;; global options: +cmd
archsd.gov.hk.		86400	IN	SOA	ns1.archsd.gov.hk. postmaster.archsd.gov.hk. 2015011201 10800 3600 604800 86400
archsd.gov.hk.		86400	IN	NS	ns2.archsd.gov.hk.
archsd.gov.hk.		86400	IN	NS	ns3.archsd.gov.hk.
archsd.gov.hk.		86400	IN	NS	ns1.archsd.gov.hk.
archsd.gov.hk.		86400	IN	A	59.152.226.167
archsd.gov.hk.		86400	IN	MX	10 mail01.archsd.gov.hk.
archsd.gov.hk.		86400	IN	MX	20 mail02.archsd.gov.hk.
archsd.gov.hk.		86400	IN	TXT	"v=spf1 mx -all"
archsd.gov.hk.		86400	IN	TXT	"spf2.0/pra mx -all"
archsd.gov.hk.		86400	IN	SPF	"v=spf1 mx -all"
dkim._domainkey.archsd.gov.hk. 86400 IN	TXT	"v=DKIM1\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTPYJoVTk8ryLswwKMqPf9ck6yFg94rlS2oCkGgM1+i3At8TcFho2fRtDMkRnwAZo4MEBVf3jPMbsU30wRs//v261RE4VTbrVTw2o6UVkGIxb8wTQTjnbdocc1yZgNyKxWZ9K9ynty1dGCOiUDBJ3zUDb/luBRU8KNiTdaUlQkRAoCgqWiL3Ml0poZIOWYaSmMCuevQZ" "COR4IufBZWfy1CLeITInXjZweGG8q+1mjXhXE9imyqc7vK1+3Z+RDGw6drzB+xe7O0CpDffB9p+5O58v0XZnjBrcmVgZ7gdxilGobLVKW7JzCRBfv8RfdV1e7Tq0h6ZiKgkBn3AYaotUoQIDAQAB\;"
ab.archsd.gov.hk.	86400	IN	MX	10 mail01.archsd.gov.hk.
ab.archsd.gov.hk.	86400	IN	MX	20 mail02.archsd.gov.hk.
apb.archsd.gov.hk.	86400	IN	MX	10 mail01.archsd.gov.hk.
apb.archsd.gov.hk.	86400	IN	MX	20 mail02.archsd.gov.hk.
bsb.archsd.gov.hk.	86400	IN	MX	10 mail01.archsd.gov.hk.
bsb.archsd.gov.hk.	86400	IN	MX	20 mail02.archsd.gov.hk.
cad.archsd.gov.hk.	86400	IN	MX	10 mail01.archsd.gov.hk.
cad.archsd.gov.hk.	86400	IN	MX	20 mail02.archsd.gov.hk.
clms.archsd.gov.hk.	86400	IN	A	103.253.249.19
cmb.archsd.gov.hk.	86400	IN	MX	10 mail01.archsd.gov.hk.
cmb.archsd.gov.hk.	86400	IN	MX	20 mail02.archsd.gov.hk.
ebuildingtours.archsd.gov.hk. 86400 IN	A	59.152.226.178
edms.archsd.gov.hk.	86400	IN	MX	10 mail01.archsd.gov.hk.
edms.archsd.gov.hk.	86400	IN	MX	20 mail02.archsd.gov.hk.
edmscirculate.archsd.gov.hk. 86400 IN	MX	10 mail01.archsd.gov.hk.
edmscirculate.archsd.gov.hk. 86400 IN	MX	20 mail02.archsd.gov.hk.
email.archsd.gov.hk.	86400	IN	MX	10 mail01.archsd.gov.hk.
email.archsd.gov.hk.	86400	IN	MX	20 mail02.archsd.gov.hk.
ftp.archsd.gov.hk.	86400	IN	A	59.152.226.177
gate.archsd.gov.hk.	86400	IN	A	59.152.226.179
gw.archsd.gov.hk.	86400	IN	A	59.152.226.176
gw2.archsd.gov.hk.	86400	IN	A	59.152.226.186
gwkm.archsd.gov.hk.	86400	IN	A	59.152.226.184
hq.archsd.gov.hk.	86400	IN	MX	10 mail01.archsd.gov.hk.
hq.archsd.gov.hk.	86400	IN	MX	20 mail02.archsd.gov.hk.
ims.archsd.gov.hk.	86400	IN	MX	10 mail01.archsd.gov.hk.
ims.archsd.gov.hk.	86400	IN	MX	20 mail02.archsd.gov.hk.
ipv6-host1.archsd.gov.hk. 86400	IN	AAAA	2407:8000:8001:d0f::3
kbdcns01.archsd.gov.hk.	86400	IN	CNAME	ns3.archsd.gov.hk.
mail01.archsd.gov.hk.	86400	IN	A	59.152.226.173
mail02.archsd.gov.hk.	86400	IN	A	59.152.226.174
mainweb.archsd.gov.hk.	86400	IN	CNAME	archsd.gov.hk.
note1.archsd.gov.hk.	86400	IN	CNAME	mail01.archsd.gov.hk.
note2.archsd.gov.hk.	86400	IN	CNAME	mail01.archsd.gov.hk.
ns1.archsd.gov.hk.	86400	IN	A	59.152.226.165
ns2.archsd.gov.hk.	86400	IN	A	59.152.226.166
ns3.archsd.gov.hk.	86400	IN	A	103.253.249.30
pmb.archsd.gov.hk.	86400	IN	MX	10 mail01.archsd.gov.hk.
pmb.archsd.gov.hk.	86400	IN	MX	20 mail02.archsd.gov.hk.
qgons01.archsd.gov.hk.	86400	IN	CNAME	ns1.archsd.gov.hk.
qgons02.archsd.gov.hk.	86400	IN	CNAME	ns2.archsd.gov.hk.
qsb.archsd.gov.hk.	86400	IN	MX	10 mail01.archsd.gov.hk.
qsb.archsd.gov.hk.	86400	IN	MX	20 mail02.archsd.gov.hk.
remote.archsd.gov.hk.	86400	IN	MX	10 mail01.archsd.gov.hk.
remote.archsd.gov.hk.	86400	IN	MX	20 mail02.archsd.gov.hk.
sc.archsd.gov.hk.	86400	IN	A	59.152.226.172
seb.archsd.gov.hk.	86400	IN	MX	10 mail01.archsd.gov.hk.
seb.archsd.gov.hk.	86400	IN	MX	20 mail02.archsd.gov.hk.
sslgw.archsd.gov.hk.	86400	IN	A	59.152.226.182
telsvr.archsd.gov.hk.	86400	IN	CNAME	mail01.archsd.gov.hk.
telsvr1.archsd.gov.hk.	86400	IN	CNAME	mail01.archsd.gov.hk.
telsvr2.archsd.gov.hk.	86400	IN	CNAME	mail02.archsd.gov.hk.
wcag.archsd.gov.hk.	86400	IN	A	59.152.226.185
wcagtrans.archsd.gov.hk. 86400	IN	A	59.152.226.188
web.archsd.gov.hk.	86400	IN	MX	10 mail01.archsd.gov.hk.
web.archsd.gov.hk.	86400	IN	MX	20 mail02.archsd.gov.hk.
world.archsd.gov.hk.	86400	IN	A	59.152.226.168
www.archsd.gov.hk.	86400	IN	CNAME	archsd.gov.hk.
www2.archsd.gov.hk.	86400	IN	A	59.152.226.167
archsd.gov.hk.		86400	IN	SOA	ns1.archsd.gov.hk. postmaster.archsd.gov.hk. 2015011201 10800 3600 604800 86400
;; Query time: 92 msec
;; SERVER: 103.253.249.30#53(103.253.249.30)
;; WHEN: Sun Feb  8 19:58:41 2015
;; XFR size: 71 records (messages 1, bytes 1918)


路政署:

; <<>> DiG 9.8.3-P1 <<>> @ns1.hkbn.net. axfr hyd.gov.hk
; (1 server found)
;; global options: +cmd
hyd.gov.hk.		3600	IN	SOA	ns1.hkbn.net. sysadm.ns1.hkbn.net. 2015020815 3600 1800 604800 3600
hyd.gov.hk.		3600	IN	MX	10 smtp2.hyd.gov.hk.
hyd.gov.hk.		3600	IN	MX	20 smtp1.hyd.gov.hk.
hyd.gov.hk.		3600	IN	MX	30 smtp3.hyd.gov.hk.
hyd.gov.hk.		3600	IN	MX	40 relay.incnets.com.
hyd.gov.hk.		3600	IN	NS	ns1.hkbn.net.
hyd.gov.hk.		3600	IN	NS	ns2.hkbn.net.
hyd.gov.hk.		3600	IN	TXT	"v=spf1 ip4:14.136.216.69 ip4:14.136.216.101 ip4:14.136.216.211 ip4:202.128.252.151 ip4:202.128.253.151 a ~all"
bbs.hyd.gov.hk.		3600	IN	A	118.143.25.106
ecc.hyd.gov.hk.		3600	IN	A	14.136.216.71
ecc.hyd.gov.hk.		3600	IN	A	14.136.216.108
edms.hyd.gov.hk.	3600	IN	A	118.143.25.107
twdc.form.hyd.gov.hk.	3600	IN	CNAME	zone05-twdc.wh.cis.gov.hk.
wcdc.form.hyd.gov.hk.	3600	IN	CNAME	zone05-wcdc.wh.cis.gov.hk.
www.form.hyd.gov.hk.	3600	IN	CNAME	zone05.wh.cis.gov.hk.
www0.form.hyd.gov.hk.	3600	IN	CNAME	dwww0.wh.cis.gov.hk.
gb.hyd.gov.hk.		3600	IN	A	14.136.216.75
iiums.hyd.gov.hk.	3600	IN	A	210.184.118.133
www.iiums.hyd.gov.hk.	3600	IN	A	202.128.252.117
ims.hyd.gov.hk.		3600	IN	A	14.136.216.105
inspection.hyd.gov.hk.	3600	IN	A	202.128.252.178
mains.hyd.gov.hk.	3600	IN	A	202.128.252.165
www.mains.hyd.gov.hk.	3600	IN	A	202.128.252.158
www.mainstest.hyd.gov.hk. 3600	IN	A	202.128.253.156
portal.hyd.gov.hk.	3600	IN	A	14.136.216.104
remote.hyd.gov.hk.	3600	IN	A	14.136.216.110
remoteweb.hyd.gov.hk.	3600	IN	A	14.136.216.111
sftp.hyd.gov.hk.	3600	IN	A	14.136.216.102
smtp1.hyd.gov.hk.	3600	IN	A	14.136.216.101
smtp2.hyd.gov.hk.	3600	IN	A	14.136.216.69
smtp3.hyd.gov.hk.	3600	IN	A	14.136.197.211
sslvpn.hyd.gov.hk.	3600	IN	A	14.136.216.111
webmail.hyd.gov.hk.	3600	IN	A	14.136.216.71
webmail.hyd.gov.hk.	3600	IN	A	14.136.216.108
webmail2.hyd.gov.hk.	3600	IN	A	14.136.216.72
webmail2.hyd.gov.hk.	3600	IN	A	14.136.216.109
webmail3.hyd.gov.hk.	3600	IN	A	14.136.216.73
webmail4.hyd.gov.hk.	3600	IN	A	14.136.216.74
webmail5.hyd.gov.hk.	3600	IN	A	14.136.216.106
www.hyd.gov.hk.		3600	IN	A	14.136.216.70
xpms.hyd.gov.hk.	3600	IN	A	202.128.252.151
xpmssit.hyd.gov.hk.	3600	IN	A	202.128.252.119
xpmsuat.hyd.gov.hk.	3600	IN	A	202.128.252.118
hyd.gov.hk.		3600	IN	SOA	ns1.hkbn.net. sysadm.ns1.hkbn.net. 2015020815 3600 1800 604800 3600
;; Query time: 69 msec
;; SERVER: 203.80.96.8#53(203.80.96.8)
;; WHEN: Sun Feb  8 19:57:47 2015
;; XFR size: 44 records (messages 1, bytes 1162)

修复方案:

限制访问
访问控制

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:6

确认时间:2015-02-17 08:10

厂商回复:

最新状态:

暂无

漏洞评价:

评论