
Vulnerability Summary

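Bug ID: wooyun-2016-0169973

Title: Command execution at Lian Life Insurance (利安人寿) with root privileges, giving direct access to the internal network

Vendor: Lian Life Insurance (利安人寿)

Author: sqlfeng

Submitted: 2016-01-15 02:34

Fixed: 2016-02-27 11:49

Published: 2016-02-27 11:49

Vulnerability type: Command execution

Severity: Medium

Self-assessed rank: 10

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or assistance, contact [email protected]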



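Vulnerability Details

Disclosure status:

2016-01-15: Details sent to the vendor; awaiting vendor response
2016-01-19: Vendor confirmed; details disclosed to the vendor only
2016-01-29: Details disclosed to core white hats and experts in related fields
2016-02-08: Details disclosed to regular white hats
2016-02-18: Details disclosed to intern white hats
2016-02-27: Details disclosed to the public

Brief description:

Command execution at Lian Life Insurance, with root privileges and direct access to the internal network

Detailed description:

**.**.**.**/
WebLogic Java deserialization command execution

Proof of vulnerability: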

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 **.**.**.**:13782 **.**.**.**:* LISTEN
tcp 0 0 **.**.**.**:22 **.**.**.**:* LISTEN
tcp 0 0 **.**.**.**:631 **.**.**.**:* LISTEN
tcp 0 0 **.**.**.**:49143 **.**.**.**:* LISTEN
tcp 0 0 **.**.**.**:25 **.**.**.**:* LISTEN
tcp 0 0 **.**.**.**:13724 **.**.**.**:* LISTEN
tcp 0 0 **.**.**.**:111 **.**.**.**:* LISTEN
tcp 0 0 **.**.**.**:35952 **.**.**.**:* LISTEN
tcp 0 0 **.**.**.**:1556 **.**.**.**:* LISTEN
tcp 0 0 **.**.**.**:1557 **.**.**.**:* LISTEN
tcp 0 0 **.**.**.**:54242 **.**.**.**:35952 ESTABLISHED
tcp 0 0 **.**.**.**:54244 **.**.**.**:35952 ESTABLISHED
tcp 0 0 **.**.**.**:22 **.**.**.**:59681 ESTABLISHED
tcp 0 0 **.**.**.**:58735 **.**.**.**:445 ESTABLISHED
tcp 0 0 **.**.**.**:35952 **.**.**.**:54244 ESTABLISHED
tcp 0 0 **.**.**.**:35952 **.**.**.**:54242 ESTABLISHED
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:631 :::* LISTEN
tcp 0 0 ::1:25 :::* LISTEN
tcp 0 0 :::36218 :::* LISTEN
tcp 0 0 :::40001 :::* LISTEN
tcp 0 0 ::1:9002 :::* LISTEN
tcp 0 0 ::ffff:**.**.**.**:9002 :::* LISTEN
tcp 0 0 fe80::9e8e:99ff:fe31:3:9002 :::* LISTEN
tcp 0 0 fe80::9e8e:99ff:fe31:3:9002 :::* LISTEN
tcp 0 0 ::ffff:**.**.**.**:9002 :::* LISTEN
tcp 0 0 :::111 :::* LISTEN
tcp 0 0 fe80::9e8e:99ff:fe31:3bc:80 :::* LISTEN
tcp 0 0 ::ffff:**.**.**.**:80 :::* LISTEN
tcp 0 0 ::1:80 :::* LISTEN
tcp 0 0 fe80::9e8e:99ff:fe31:3bc:80 :::* LISTEN
tcp 0 0 ::ffff:**.**.**.**:80 :::* LISTEN
tcp 0 0 :::1556 :::* LISTEN
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:46666 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:41039 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:46685 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:46704 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:46723 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:46799 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:41153 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:57433 ::ffff:**.**.**.**:1521 ESTABLISHED
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:41096 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**00:44989 ESTABLISHED
tcp 0 0 ::ffff:**.**.**.**:57426 ::ffff:**.**.**.**:1521 ESTABLISHED
tcp 0 0 ::ffff:**.**.**.**:57430 ::ffff:**.**.**.**:1521 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:46761 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:53184 ESTABLISHED
tcp 0 0 ::ffff:**.**.**.**:57423 ::ffff:**.**.**.**:1521 ESTABLISHED
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:41115 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:41001 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:37466 ::ffff:**.**.**.**:1521 ESTABLISHED
tcp 0 0 ::ffff:**.**.**.**:37458 ::ffff:**.**.**.**:1521 ESTABLISHED
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:41020 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:33858 ::ffff:**.**.**.**:1521 ESTABLISHED
tcp 0 0 ::ffff:**.**.**.**:57434 ::ffff:**.**.**.**:1521 ESTABLISHED
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:41077 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**00:3403 ESTABLISHED
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:46837 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:57428 ::ffff:**.**.**.**:1521 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:41134 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:37454 ::ffff:**.**.**.**:1521 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:41191 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:46818 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**00:37038 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:46856 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:41172 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:58465 ::ffff:**.**.**.**:1521 ESTABLISHED
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:46742 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:58464 ::ffff:**.**.**.**:1521 ESTABLISHED
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:46780 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**:41058 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:57432 ::ffff:**.**.**.**:1521 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:80 ::ffff:**.**.**.**00:56166 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:58456 ::ffff:**.**.**.**:1521 TIME_WAIT
tcp 0 0 ::ffff:**.**.**.**:37457 ::ffff:**.**.**.**:1521 ESTABLISHED



Remediation:

Copyright notice: when reposting, please credit the source sqlfeng@WooYun


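Vulnerability Response

Vendor response:

Severity: High

Vulnerability rank: 10

Confirmed: 2016-01-19 11:49

Vendor reply:

CNVD confirmed and reproduced the reported issue. It has been passed by CNCERT to the Jiangsu sub-center, which will coordinate follow-up handling with the organization that manages the website.

Latest status:

None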

