
Vulnerability summary

Defect ID: wooyun-2014-057996

Title: Many Tencent servers still have the OpenSSL Heartbleed vulnerability unpatched, which can lead to data leakage

Vendor: 腾讯 (Tencent)

Author: 路人甲

Submitted: 2014-04-21 22:32

Fixed: 2014-06-05 22:33

Published: 2014-06-05 22:33

Vulnerability type: sensitive information disclosure

Severity: high

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2014-04-21: Details reported to the vendor; awaiting vendor handling
2014-04-22: Vendor confirmed; details disclosed to the vendor only
2014-05-02: Details disclosed to core white hats and domain experts
2014-05-12: Details disclosed to regular white hats
2014-05-22: Details disclosed to intern white hats
2014-06-05: Details disclosed to the public

Brief description:

Many Tencent servers still have the OpenSSL Heartbleed vulnerability unpatched, which can lead to data leakage.

Detailed description:

# Description
Many Tencent servers appear to have been "fixed" only by adding a WAF rule that blocks the exploit traffic. That rule can be bypassed; put another way, the rule is incomplete and does not match the exploit when it uses a particular TLS version.

```python
# Record-layer version byte pairs a heartbeat request may carry.
# A WAF signature that matches only one of these pairs lets the other three through.
version = []
version.append(['SSL 3.0', '03 00'])
version.append(['TLS 1.0', '03 01'])
version.append(['TLS 1.1', '03 02'])
version.append(['TLS 1.2', '03 03'])
```
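The gap described above, as an added example that is not part of the original report: a model of a WAF signature keyed to a single version string next to a version-agnostic check that inspects every heartbeat record. The record bytes are constructed samples, not captured traffic, and the function names are assumptions.

```python
import struct

TLS_HEARTBEAT = 0x18          # record-layer content type for heartbeat (RFC 6520)
TLS_VERSIONS = {              # the four version byte pairs listed above
    b"\x03\x00": "SSL 3.0",
    b"\x03\x01": "TLS 1.0",
    b"\x03\x02": "TLS 1.1",
    b"\x03\x03": "TLS 1.2",
}

def narrow_waf_rule(record: bytes) -> bool:
    """Model of a signature that keys on a single version string (TLS 1.0 only)."""
    return record[:3] == b"\x18\x03\x01"

def heartbeat_check(record: bytes):
    """Version-agnostic check: flag any heartbeat record whose declared payload
    length cannot fit inside the record. Returns (version_name, verdict), or
    None when the record is not a heartbeat at all."""
    if len(record) < 5 or record[0] != TLS_HEARTBEAT:
        return None
    version, rec_len = record[1:3], struct.unpack("!H", record[3:5])[0]
    name = TLS_VERSIONS.get(version, "unknown")
    body = record[5:5 + rec_len]
    if len(body) < 3:                      # no room for type + payload_length
        return name, "truncated"
    declared = struct.unpack("!H", body[1:3])[0]
    # RFC 6520: payload plus the 3-byte heartbeat header plus at least 16 bytes
    # of padding must fit in the record; a larger declared length is the
    # pattern that a sound rule must reject regardless of the version bytes.
    if declared + 3 + 16 > rec_len:
        return name, "oversized"
    return name, "ok"

# Constructed sample records (header bytes only): a benign TLS 1.2 heartbeat
# carrying 1 byte of payload plus 16 bytes of padding, and a TLS 1.1 request
# that declares 16384 bytes of payload inside a 3-byte body.
BENIGN = b"\x18\x03\x03\x00\x14" + b"\x01\x00\x01" + b"A" + b"\x00" * 16
OVERSIZED_TLS11 = b"\x18\x03\x02\x00\x03" + b"\x01\x40\x00"

def compare_rules(records):
    """For each record, what the narrow signature and the full check conclude."""
    return [(narrow_waf_rule(r), heartbeat_check(r)) for r in records]
```

Run over the two samples, the narrow signature reports nothing for either record while the version-agnostic check flags the TLS 1.1 one as oversized, which is the coverage gap the report describes.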


# Affected hosts (a short sample; not listing any more)



Proof of vulnerability:

# res.wx.qq.com, a WeChat server

[screenshot: weixin.jpg]


# Leaked data

IP: 112.90.136.154:443
OpenSSL information leak present:

Fix recommendation:

You know best.

Copyright notice: please credit the source when republishing: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: high

Vulnerability Rank: 20

Confirmed: 2014-04-22 00:56

Vendor reply:

Thank you very much for your report. The issue is already being handled, and we thank everyone for their attention to the security of Tencent's services. If you have any questions, feedback is welcome and a dedicated person will follow up.

Latest status:

None yet