当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0197708

漏洞标题:747盒子多台数据库服务器未授权访问

相关厂商:747.cn

漏洞作者: 路人甲

提交时间:2016-04-18 10:12

修复时间:2016-06-02 18:50

公开时间:2016-06-02 18:50

漏洞类型:未授权访问/权限绕过

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-04-18: 细节已通知厂商并且等待厂商处理中
2016-04-18: 厂商已经确认,细节仅向厂商公开
2016-04-28: 细节向核心白帽子及相关领域专家公开
2016-05-08: 细节向普通白帽子公开
2016-05-18: 细节向实习白帽子公开
2016-06-02: 细节向公众公开

简要描述:

747盒子多台数据库服务器未授权访问

详细说明:

REDIS未授权访问
redis://122.112.12.155:6400
redis://122.112.12.155:6401
redis://122.112.12.155:6402
redis://122.112.12.155:6405
redis://122.112.12.155:6403
redis://122.112.12.155:6404

{'pubsub_channels': 0, 'used_memory_peak_human': '789.52K', 'bgrewriteaof_in_progress': 0, 'connected_slaves': 0, 'uptime_in_days': 405, 'multiplexing_api': 'epoll', 'lru_clock': 1389986, 'last_save_time': 1426156866, 'redis_version': '2.4.14', 'redis_git_sha1': 0, 'gcc_version': '4.6.2', 'connected_clients': 11, 'keyspace_misses': 0, 'used_memory': 807664, 'vm_enabled': 0, 'used_cpu_user_children': 0.0, 'used_memory_peak': 808472, 'role': 'master', 'total_commands_processed': 210091044, 'latest_fork_usec': 159, 'loading': 0, 'used_memory_rss': 1748992, 'total_connections_received': 40, 'pubsub_patterns': 0, 'aof_enabled': 0, 'used_cpu_sys': 11264.5, 'used_memory_human': '788.73K', 'used_cpu_sys_children': 0.0, 'blocked_clients': 0, 'used_cpu_user': 6085.46, 'client_biggest_input_buf': 0, 'arch_bits': 64, 'mem_fragmentation_ratio': 2.17, 'expired_keys': 0, 'evicted_keys': 0, 'bgsave_in_progress': 0, 'client_longest_output_list': 0, 'mem_allocator': 'jemalloc-2.2.5', 'process_id': 2647, 'uptime_in_seconds': 35055884, 'changes_since_last_save': 8, 'redis_git_dirty': 0, 'keyspace_hits': 0}


漏洞利用:
http://drops.wooyun.org/papers/10546
http://www.oschina.net/news/67975/redis-defect?from=mail-notify

漏洞证明:

122.112.12.156 : MEMECACHED 未授权访问

STAT uptime 319335
STAT time 1460944220
STAT version 1.4.25
STAT libevent 2.0.22-stable
STAT pointer_size 64
STAT rusage_user 5.099224
STAT rusage_system 3.305497
STAT curr_connections 10
STAT total_connections 19
STAT connection_structures 11
STAT reserved_fds 20
STAT cmd_get 0
STAT cmd_set 0
STAT cmd_flush 0
STAT cmd_touch 0
STAT get_hits 0
STAT get_misses 0
STAT delete_misses 0
STAT delete_hits 0
STAT incr_misses 0
STAT incr_hits 0
STAT decr_misses 0
STAT decr_hits 0
STAT cas_misses 0
STAT cas_hits 0
STAT cas_badval 0
STAT touch_hits 0
STAT touch_misses 0
STAT auth_cmds 0
STAT auth_errors 0
STAT bytes_read 798
STAT bytes_written 5896
STAT limit_maxbytes 67108864
STAT accepting_conns 1
STAT listen_disabled_num 0
STAT time_in_listen_disabled_us 0
STAT threads 4
STAT conn_yields 0
STAT hash_power_level 16
STAT hash_bytes 524288
STAT hash_is_expanding 0
STAT malloc_fails 0
STAT bytes 0
STAT curr_items 0
STAT total_items 0
STAT expired_unfetched 0
STA

修复方案:

不对公网开放

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2016-04-18 18:41

厂商回复:

十分感谢

最新状态:

暂无