当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0185940

漏洞标题:百度彩票某服务器存在snmp弱口令

相关厂商:百度

漏洞作者: Yeats

提交时间:2016-03-21 10:10

修复时间:2016-05-05 10:56

公开时间:2016-05-05 10:56

漏洞类型:服务弱口令

危害等级:中

自评Rank:5

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-03-21: 细节已通知厂商并且等待厂商处理中
2016-03-21: 厂商已经确认,细节仅向厂商公开
2016-03-31: 细节向核心白帽子及相关领域专家公开
2016-04-10: 细节向普通白帽子公开
2016-04-20: 细节向实习白帽子公开
2016-05-05: 细节向公众公开

简要描述:

百度彩票某服务器存在snmp弱口令,远程SNMP代理支持public口令。

详细说明:

0.png


http://211.100.44.243/
C:\Users\think\Desktop\Tools>snmputil.exe walk 211.100.44.243 public .1.3.6.1.2.1.1
Variable = system.sysDescr.0
Value = String Linux lvs101 2.6.32-431.29.2.el6.x86_64 #1 SMP Tue Sep 9 21:36:05 UTC 2014 x86_64
Variable = system.sysObjectID.0
Value = ObjectID 1.3.6.1.4.1.8072.3.2.10
Variable = system.sysUpTime.0
Value = TimeTicks 3569603946
Variable = system.sysContact.0
Value = String Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
Variable = system.sysName.0
Value = String lvs101
Variable = system.sysLocation.0
Value = String Unknown (edit /etc/snmp/snmpd.conf)
Variable = system.8.0
Value = TimeTicks 14
Variable = system.9.1.2.1
Value = ObjectID 1.3.6.1.6.3.11.2.3.1.1
Variable = system.9.1.2.2
Value = ObjectID 1.3.6.1.6.3.15.2.1.1
Variable = system.9.1.2.3
Value = ObjectID 1.3.6.1.6.3.10.3.1.1
Variable = system.9.1.2.4
Value = ObjectID 1.3.6.1.6.3.1
Variable = system.9.1.2.5
Value = ObjectID 1.3.6.1.2.1.49
Variable = system.9.1.2.6
Value = ObjectID 1.3.6.1.2.1.4
Variable = system.9.1.2.7
Value = ObjectID 1.3.6.1.2.1.50
Variable = system.9.1.2.8
Value = ObjectID 1.3.6.1.6.3.16.2.2.1
Variable = system.9.1.3.1
Value = String The MIB for Message Processing and Dispatching.
Variable = system.9.1.3.2
Value = String The MIB for Message Processing and Dispatching.
Variable = system.9.1.3.3
Value = String The SNMP Management Architecture MIB.
Variable = system.9.1.3.4
Value = String The MIB module for SNMPv2 entities
Variable = system.9.1.3.5
Value = String The MIB module for managing TCP implementations
Variable = system.9.1.3.6
Value = String The MIB module for managing IP and ICMP implementations
Variable = system.9.1.3.7
Value = String The MIB module for managing UDP implementations
Variable = system.9.1.3.8
Value = String View-based Access Control Model for SNMP.
Variable = system.9.1.4.1
Value = TimeTicks 14
Variable = system.9.1.4.2
Value = TimeTicks 14
Variable = system.9.1.4.3
Value = TimeTicks 14
Variable = system.9.1.4.4
Value = TimeTicks 14
Variable = system.9.1.4.5
Value = TimeTicks 14
Variable = system.9.1.4.6
Value = TimeTicks 14
Variable = system.9.1.4.7
Value = TimeTicks 14
Variable = system.9.1.4.8
Value = TimeTicks 14
End of MIB subtree.

漏洞证明:

服务列表:
* festival-speechtools-libs-1.2.96-18.el6
* freeipmi-1.2.1-6.el6_5
* kde-l10n-Chinese-4.3.4-5.el6
* module-init-tools-3.9-21.el6_4
* exiv2-libs-0.18.2-2.1.el6
* kdeartwork-screensavers-4.3.4-7.el6
* freeipmi-bmc-watchdog-1.2.1-6.el6_5
* mailcap-2.1.31-2.el6
* gstreamer-python-0.10.16-1.1.el6
* samba-winbind-clients-3.6.9-169.el6_5
* plymouth-scripts-0.8.3-27.el6.centos.1
* httpd-2.2.15-31.el6.centos
* geoclue-0.11.1.1-0.13.20091026git73b6729.el6
* system-config-date-1.9.60-2.el6.centos
* dbus-c++-0.5.0-0.10.20090203git13281b3.1.el6
* xorg-x11-fonts-misc-7.2-9.1.el6
* tar-1.23-11.el6
* strigi-libs-0.7.0-2.el6
* raptor-1.4.18-5.el6_2.1
* abrt-cli-2.0.8-21.el6.centos
* popt-1.13-7.el6
* mobile-broadband-provider-info-1.20100122-2.el6
* m17n-db-oriya-1.5.5-1.1.el6
* bison-2.4.1-5.el6
* plymouth-graphics-libs-0.8.3-27.el6.centos.1
* perf-2.6.32-431.29.2.el6
* libogg-1.1.4-2.1.el6
* notify-python-0.1.1-10.el6

修复方案:

禁止缺省口令,关服务也行。

版权声明:转载请注明来源 Yeats@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:5

确认时间:2016-03-21 10:56

厂商回复:

感谢对百度安全的关注

最新状态:

暂无


漏洞评价:

评价