当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-035562

漏洞标题:钻石小鸟DNS域传送漏洞

相关厂商:钻石小鸟

漏洞作者: izj

提交时间:2013-08-29 10:39

修复时间:2013-10-13 10:39

公开时间:2013-10-13 10:39

漏洞类型:敏感信息泄露

危害等级:低

自评Rank:5

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-08-29: 细节已通知厂商并且等待厂商处理中
2013-09-02: 厂商已经确认,细节仅向厂商公开
2013-09-12: 细节向核心白帽子及相关领域专家公开
2013-09-22: 细节向普通白帽子公开
2013-10-02: 细节向实习白帽子公开
2013-10-13: 细节向公众公开

简要描述:

钻石小鸟dns域传送漏洞
ns2.zbird.com

详细说明:

33days A 114.80.76.12
bbs A 114.80.76.55
beijing CNAME beijing.zbird.com.fastcdn.com
brd A 211.144.151.240
changsha CNAME changsha.zbird.com.fastcdn.com
chengdu CNAME chengdu.zbird.com.fastcdn.com
chongqing CNAME chongqing.zbird.com.fastcdn.com
cmb A 114.80.76.51
color A 114.80.76.12
csonline A 114.80.76.52
email NS bb1dns1.eu.epidm.net
email NS bb1dns1.na.epidm.net
email NS bb1dns2.na.epidm.net
guangzhou CNAME guangzhou.zbird.com.fastcdn.com
hangzhou CNAME hangzhou.zbird.com.fastcdn.com
mail A 114.80.76.56
nanjing CNAME nanjing.zbird.com.fastcdn.com
ningbo CNAME ningbo.zbird.com.fastcdn.com
ns1 A 114.80.76.6
ns2 A 211.144.151.230
ns3 A 114.80.76.6
ns4 A 211.144.151.230
qingdao CNAME qingdao.zbird.com.fastcdn.com
rd NS brd.zbird.com
rd NS srd.zbird.com
selector._domainkey TXT "p=MFwwDQYJKoZIhvcNAQEBBQADSwAwS
AJBALaamzi7uK68OsvzdWfEAMrLXkS6/wqBTDKO8LbH3HwQg9slJHN6VOv5BkS4Ud8E9s/FAD/0dY4to
hzWDr0AQsUCAwEAAQ=="
sender A 114.80.76.40
sender MX 10 sender.zbird.com
shanghai CNAME shanghai.zbird.com.fastcdn.com
srd A 114.80.76.4
tianjin CNAME tianjin.zbird.com.fastcdn.com
uc A 114.80.76.55
wuhan CNAME wuhan.zbird.com.fastcdn.com
www CNAME www.zbird.com.fastcdn.com
www1 A 114.80.76.12
www9 CNAME www9.zbird.ccgslb.com.cn
xian CNAME xian.zbird.com.fastcdn.com
zbird.com. A 114.80.76.12
zbird.com. MX 10 mail.zbird.com
zbird.com. NS ns1.zbird.com
zbird.com. NS ns2.zbird.com
zbird.com. SOA ns1.zbird.com feng.wu.zbird.com. (2013062
602 1200 120 120960 3600)
zbird.com. SOA ns1.zbird.com feng.wu.zbird.com. (2013062
602 1200 120 120960 3600)
zbird.com. TXT "v=spf2.0/pra a mx ip4:203.189.1
70.64/27 ip4:121.37.40.128/26 ip4:220.112.27.128/26 ip4:121.37.43.192/26 ip4:220
.112.29.192/26 ~all"

漏洞证明:

1.jpg

修复方案:

更改服务器配置

版权声明:转载请注明来源 izj@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:1

确认时间:2013-09-02 17:09

厂商回复:

配置上的疏忽,导致问题的发生,感谢白帽给予的关注!同时也提醒我们需要更加的严谨。

最新状态:

暂无