
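Vulnerability Summary

Bug ID: wooyun-2012-012614

Title: Yonyou DNS zone transfer information leak

Vendor: Yonyou Software (用友软件)

Author: upload

Submitted: 2012-09-23 18:45

Fixed: 2012-11-07 18:46

Published: 2012-11-07 18:46

Vulnerability type: System/service operations misconfiguration

Severity: Low

Self-assessed Rank: 3

Status: Confirmed by the vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]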



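Vulnerability Details

Disclosure status:

2012-09-23: Details reported to the vendor; awaiting vendor handling
2012-09-23: Vendor confirmed; details disclosed to the vendor only
2012-10-03: Details disclosed to core white hats and experts in related fields
2012-10-13: Details disclosed to regular white hats
2012-10-23: Details disclosed to trainee white hats
2012-11-07: Details disclosed to the public

Brief description:

DNS zone transfer information leak

Detailed description:

This server is not configured correctly:

ns1.ufsoft.com.cn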


Trying Zone Transfer for yonyou.com on ns1.ufsoft.com.cn ... 

Proof of vulnerability:

Fix:

Configure ns1 correctly.

Copyright notice: when reposting, please credit the source, upload@WooYun
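An added example, not part of the original report and not the vendor's configuration: one way to check an authoritative server's configuration for the zone transfer exposure reported above. It assumes BIND-style `named.conf` syntax (the report does not name the DNS software); the zone names, ACL name, key name and addresses in the sample are constructed.

```python
import re

# Constructed BIND-style named.conf; the page does not name the DNS software (assumption).
SAMPLE_CONF = '''
acl "secondaries" { 192.0.2.53; 198.51.100.53; };
options { directory "/var/named"; };
zone "example.com" { type master; file "a.zone"; allow-transfer { any; }; };
zone "example.net" { type master; file "b.zone"; };  // nothing set
zone "example.org" { type master; file "c.zone"; allow-transfer { key "xfer-key"; "secondaries"; }; };
zone "example.edu" { type slave; masters { 192.0.2.1; }; allow-transfer { none; }; };
'''

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def transfer_acl(body):
    """Return the allow-transfer element list found in body, or None if absent."""
    m = re.search(r"\ballow-transfer\s*\{", body)
    if m is None:
        return None
    inner = block_body(body, m.end() - 1)
    return [e.strip().strip('"') for e in inner.split(";") if e.strip()]

def audit_transfers(conf):
    """Map each zone name to 'open', 'unset' or 'restricted'."""
    conf = re.sub(r"(//|#).*", "", conf)              # drop line comments
    opts = re.search(r"\boptions\s*\{", conf)
    inherited = transfer_acl(block_body(conf, opts.end() - 1)) if opts else None
    report = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        acl = transfer_acl(block_body(conf, m.end() - 1))
        acl = inherited if acl is None else acl       # zone setting overrides options
        if acl is None:
            report[m.group(1)] = "unset"              # left to the server default
        elif "any" in acl:
            report[m.group(1)] = "open"               # any host may request AXFR
        else:
            report[m.group(1)] = "restricted"
    return report

if __name__ == "__main__":
    for zone, status in audit_transfers(SAMPLE_CONF).items():
        print(f"{zone:12} {status}")
```

Zones reported as `open` or `unset` are the ones to fix by listing only the secondary servers (or a TSIG key) in `allow-transfer`.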


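Vulnerability Response

Vendor response:

Severity: Low

Vulnerability Rank: 3

Confirmed: 2012-09-23 22:27

Vendor reply:

Thanks to upload@WooYun for helping us improve our information security. We will handle this issue as soon as possible. Once again, our sincere thanks.

Latest status:

None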