
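Vulnerability summary

Bug ID: wooyun-2013-044094

Title: DNS zone transfer vulnerability at Jingchu Net (荆楚网)

Vendor: Jingchu Net (荆楚网)

Author: LineZero

Submitted: 2013-11-26 16:07

Fix time: 2014-01-10 16:08

Publicly disclosed: 2014-01-10 16:08

Type: System/service operations misconfiguration

Severity: Medium

Self-assessed Rank: 8

Status: Vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]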


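Vulnerability details

Disclosure status:

2013-11-26: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2014-01-10: The vendor has actively ignored the vulnerability; details released to the public

Brief description:

DNS zone transfer vulnerability

Detailed description:

DNS zone transfer vulnerability at Jingchu Net (荆楚网), shown from an interactive nslookup session:
server ns2.cnhubei.com
ls cnhubei.com

Proof of vulnerability: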



> ls cnhubei.com
[ns2.cnhubei.com]
> server dns1.cnhubei.com
默认服务器: dns1.cnhubei.com
Address: 219.140.171.198
> ls cnhubei.com
[dns1.cnhubei.com]

Fix:

A Baidu search should turn up plenty of ways to fix this.
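
The report leaves the fix unspecified. As an added example (not part of the original report), the Python audit below assumes the nameservers run BIND, which the report does not state, and flags authoritative zones whose `allow-transfer` ACL is unset or set to `any`. The sample configuration, zone names and addresses are constructed.

```python
import re

# Constructed named.conf sample (BIND syntax assumed); zone names and
# 192.0.2.x secondary addresses are placeholders, not from the report.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "open.example.com" { type master; file "open.zone"; };
zone "any.example.com" IN {
    type master; file "any.zone";
    allow-transfer { any; };
};
zone "locked.example.com" {
    type master; file "locked.zone";
    allow-transfer { 192.0.2.53; 192.0.2.54; };  // secondaries only
};
'''

# Top-level "options" or "zone" statement, allowing one level of nested braces.
BLOCK = re.compile(
    r'(options|zone\s+"([^"]+)"(?:\s+\w+)?)\s*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')
ACL = re.compile(r'allow-transfer\s*\{([^}]*)\}')

def transfer_acl(body):
    """Return the allow-transfer entries of a block, or None if unset."""
    m = ACL.search(body)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    """Map each authoritative zone to 'open' or 'restricted' transfer policy."""
    conf = re.sub(r'(//|#)[^\n]*', '', conf)  # strip line comments
    global_acl, zones = None, {}
    for m in BLOCK.finditer(conf):
        if m.group(2) is None:
            global_acl = transfer_acl(m.group(3))
        else:
            zones[m.group(2)] = m.group(3)
    report = {}
    for name, body in zones.items():
        if not re.search(r'type\s+(master|primary|slave|secondary)\s*;', body):
            continue  # hint/forward zones hold no transferable zone data
        acl = transfer_acl(body)
        if acl is None:
            acl = global_acl  # zone inherits the options-level ACL
        # Unset is flagged as open: BIND has historically allowed
        # transfers to any host when no ACL is configured.
        report[name] = 'open' if acl is None or 'any' in acl else 'restricted'
    return report
```

Every nameserver listed for the zone needs the same check, since the report shows two different servers answering the listing.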

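Copyright notice: when reposting, please credit the source LineZero@WooYun


Vulnerability response

Vendor response:

Unable to contact the vendor, or the vendor actively refused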