长荣航空DNS域传送漏洞一枚 | wooyun-2014-048038| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-048038

漏洞标题：长荣航空DNS域传送漏洞一枚

漏洞作者：爱上襄阳

提交时间：2014-01-06 17:07

修复时间：2014-02-20 17:07

公开时间：2014-02-20 17:07

漏洞类型：系统/服务运维配置不当

危害等级：低

自评Rank：5

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2014-01-06：细节已通知厂商并且等待厂商处理中
2014-01-11：厂商已经确认，细节仅向厂商公开
2014-01-21：细节向核心白帽子及相关领域专家公开
2014-01-31：细节向普通白帽子公开
2014-02-10：细节向实习白帽子公开
2014-02-20：细节向公众公开

简要描述：

详细说明：

长荣航空DNS域传送漏洞一枚，通过dns域传送获取被攻击域下所有的子域名。会导致一些非公开域名（测试域名、内部域名）泄露。

漏洞证明：

> ls evaair.com
[ns3.evaair.com]
evaair.com. NS server = ns1.ev
evaair.com. NS server = ns2.ev
evaair.com. NS server = ns3.ev
evaair.com. NS server = ns4.ev
evaair.com. A 203.66.219.36
777 A 203.66.219.35
ag1 A 203.69.149.249
ambsweb A 61.218.119.200
ambsweb A 61.218.119.232
mail.america A 64.77.238.88
mailout.america A 64.77.238.89
apif A 61.218.119.200
apif A 61.218.119.232
apifweb A 61.218.119.200
apifweb A 61.218.119.232
app1 A 203.69.148.6
appmallws A 203.69.148.156
mail.asia-pacific A 59.120.69.227
mailsmtp.asia-pacific A 203.69.148.190
autodiscover A 60.251.185.199
autodiscover A 61.219.166.7
av A 61.219.168.12
av01 A 61.219.168.22
b2bint1 A 203.69.148.224
b2bint2 A 203.69.148.225
b2bqa1 A 203.69.148.226
b2bqa2 A 203.69.148.227
bgtcoms A 203.69.148.140
br16 A 203.66.219.35
brcargo A 203.66.219.38
cabin A 203.69.148.207
cappf5test A 60.248.212.118
cargoappmsg A 61.218.119.210
cargoappmsg A 61.218.119.242
cargoaptdvp A 203.69.148.6
cargoecdvp A 61.218.119.198
cargoecdvp A 61.218.119.230
cargoops A 203.69.148.5
cargoopsqa A 203.69.148.4
cargoqa1 A 203.69.148.131
cecf5test A 60.248.212.119
cis A 61.218.119.194
cis A 61.218.119.226
cldbk01 A 60.248.133.194
cmscpbs A 61.218.119.194
cmscpbs A 61.218.119.226
crew A 59.120.69.214
crtsbkp A 203.69.148.177
crtsmail A 59.120.69.232
csi A 203.69.148.193
csinew A 203.69.148.234
csr A 203.69.148.244
dac A 220.128.253.187
dacrl A 220.128.253.187
ears A 61.218.119.200
ears A 61.218.119.232
ebook A 203.69.148.12
eco A 203.66.219.35
edge A 210.66.100.118
egac A 203.69.148.240
ehweb2 A 203.69.148.169
elc01 A 60.251.185.194
elc01 A 61.219.166.2
elearn A 60.251.185.194
elearn A 61.219.166.2
elearnqa A 60.251.185.194
elearnqa A 61.219.166.2
email A 60.251.185.199
email A 61.219.166.7
email2003 A 60.251.185.197
email2003 A 61.219.166.5
ep-idx A 203.69.148.216
ep-srh A 203.69.148.218
eservice2 A 203.66.219.35
eservice3 A 203.66.219.38
evaeup51.europe A 81.246.10.203
mail.europe A 81.246.10.203
eva-rms A 60.251.185.194
eva-rms A 61.219.166.2
evaasa52 A 203.69.148.190
evabid A 61.218.119.194
evabid A 61.218.119.226
evaflow A 60.251.185.194
evaflow A 61.219.166.2
evaflowdt A 203.69.148.245
evaflowt A 203.69.148.204
evafosfa A 203.69.148.213
evaftp A 60.251.185.210
evaftp A 61.219.166.18
evagsc A 60.248.212.120
evakitty A 203.66.219.35
evakpi A 60.251.185.194
evakpi A 61.219.166.2
evamb A 61.218.121.27
evapm A 60.251.185.194
evapm A 61.219.166.2
evaportal A 203.69.148.179
evasc A 60.248.212.123
evasender A 203.66.219.53
evasftp A 203.69.148.185
evatcm A 203.66.219.42
evatest A 203.69.149.22
evatou54 A 203.66.153.30
evatou81 A 203.69.148.133
evatou82 A 203.69.148.155
evawebt A 203.69.148.30
evawt3 A 61.218.119.207
evawt3 A 61.218.119.239
ffpmail1 A 203.69.148.161
finsnetqa1 A 203.69.148.236
fis A 203.69.148.156
fisnet A 61.218.119.209
fisnet A 61.218.119.241
fisnetqa1 A 203.69.148.199
fisnetqa2 A 203.69.148.200
fisoem A 61.218.119.209
fisoem A 61.218.119.241
fist A 203.69.148.157
fistest A 203.69.148.171
fiswebservice A 61.218.119.194
fiswebservice A 61.218.119.226
fl-biz A 203.69.148.147
flighttrace01 A 61.218.119.194
flighttrace01 A 61.218.119.226
flighttrace02 A 61.218.119.194
flighttrace02 A 61.218.119.226
fpsweb A 61.218.119.209
fpsweb A 61.218.119.241
gb2 A 203.66.219.43
gcs A 60.248.212.99
gcs A 61.218.121.3
gcstest A 203.69.148.166
gcstest A 203.69.148.207
gogoeva A 60.248.212.100
gogoeva A 61.218.121.4
hellofis A 203.69.148.156
hifisweb A 61.218.119.209
hifisweb A 61.218.119.241
hokkaido A 203.66.219.35
host A 203.69.148.139
im A 61.218.119.202
im A 61.218.119.234
imext01 A 203.69.148.17
imextabs A 61.218.119.205
imextabs A 61.218.119.237
immeet A 61.218.119.205
immeet A 61.218.119.237
irisforum A 203.69.148.205
kvmserver01 A 203.69.148.8
kvmserver02 A 203.69.148.9
liveqacms1 A 203.69.148.13
lyncdiscover A 61.218.119.205
lyncdiscover A 61.218.119.237
m A 203.66.219.58
m1 A 203.66.219.41
mail A 203.69.148.213
mail A 219.84.103.17
mail-in A 203.69.148.187
mail-out01 A 60.251.185.200
mail-out01 A 61.219.166.8
mail-out02 A 60.251.185.201
mail-out02 A 61.219.166.9
mail2 A 203.69.148.153
mailin A 60.251.185.202
mailin A 61.219.166.10
mailspam01 A 60.251.185.214
mailspam01 A 61.219.166.22
mailspam02 A 60.251.185.215
mailspam02 A 61.219.166.23
mailsrv A 203.69.148.155
mailsrv2 A 203.69.148.133
mailsts A 203.69.148.137
mailtest A 203.69.148.247
mall A 203.66.219.37
mobile A 203.66.219.58
mossssp A 203.69.148.236
mumbai A 203.66.219.37
myegat A 61.218.119.196
myegat A 61.218.119.228
myegsc A 61.218.119.195
myegsc A 61.218.119.227
myeva A 61.218.119.194
myeva A 61.218.119.226
myeva2 A 60.251.185.194
myeva2 A 61.219.166.2
myeva3 A 60.251.185.196
myeva3 A 61.219.166.4
myforas A 61.218.119.194
myforas A 61.218.119.226
mysite A 203.69.148.216
mysmis A 61.218.119.194
mysmis A 61.218.119.226
nd6test A 203.69.148.153
ns1 A 203.69.148.1
ns2 A 61.219.166.28
ns3 A 60.251.185.220
ns4 A 61.218.119.252
oardp A 203.69.148.202
oaweb A 203.69.148.244
onenet A 61.218.119.247
onenet A 61.219.166.13
opsf5test A 60.248.212.120
originehweb2 A 203.69.148.169
origineservice A 203.66.219.58
origingb A 203.66.219.43
originwebqa A 203.69.148.230
originwww A 203.66.219.36
osgdt01 A 60.248.133.196
pilot A 203.69.148.148
pipipsrv A 61.218.119.200
pipipsrv A 61.218.119.232
premall A 203.66.219.34
qacms2 A 203.69.148.14
qahellocoms A 203.69.148.207
qamallweb A 203.69.148.15
qamobile A 203.69.148.230
qarts2 A 203.69.148.214
qasmasweb A 203.69.148.182
qaweb1 A 203.69.148.131
qaweb2 A 203.69.148.169
qawpsn A 203.69.148.175
cabin.qb A 203.69.148.207
royallaurel A 203.66.219.35
sdc A 61.218.119.207
sdc A 61.218.119.239
service2 A 203.66.219.46
sin A 203.69.148.201
sipap A 61.219.168.10
sipap01 A 61.219.168.20
skdt01 A 60.248.133.195
smasb2b01 A 61.218.119.194
smasb2b01 A 61.218.119.226
sms A 203.69.148.55
spsowa A 60.251.185.198
spsowa A 61.219.166.6
sslvpn A 61.222.97.211
stageisobar A 220.128.167.106
stageqacms1 A 203.69.148.13
stagewww A 203.66.219.36
storm A 60.251.185.204
storm A 61.219.166.12
tcmsweb A 203.69.148.246
thunder A 60.251.185.203
thunder A 61.219.166.11
ep.uat A 203.69.148.222
unibid A 61.218.119.194
unibid A 61.218.119.226
vpn A 61.218.119.215
vpn A 61.218.119.247
webconf A 61.219.168.11
webconf01 A 61.219.168.21
webim A 61.218.119.201
webim A 61.218.119.233
webqa A 203.69.148.230
webqa2 A 203.69.148.7
wss A 203.66.219.55
yafisinet A 203.69.148.221

修复方案：

修改配置

版权声明：转载请注明来源爱上襄阳@乌云

漏洞回应

厂商回应：

危害等级：低

漏洞Rank：4

确认时间：2014-01-11 10:13

厂商回复：

对于域传送漏洞，非政府和重要部门，CNVD暂不列入处置流程，仅确认测试情况。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-048038

漏洞标题：长荣航空DNS域传送漏洞一枚

相关厂商：长荣航空

漏洞作者：爱上襄阳

提交时间：2014-01-06 17:07

修复时间：2014-02-20 17:07

公开时间：2014-02-20 17:07

漏洞类型：系统/服务运维配置不当

危害等级：低

自评Rank：5

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源爱上襄阳@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-048038

漏洞标题：长荣航空DNS域传送漏洞一枚

相关厂商：长荣航空

漏洞作者： 爱上襄阳

提交时间：2014-01-06 17:07

修复时间：2014-02-20 17:07

公开时间：2014-02-20 17:07

漏洞类型：系统/服务运维配置不当

危害等级：低

自评Rank：5

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2014-048038"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 爱上襄阳@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：爱上襄阳

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源爱上襄阳@乌云