当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0148654

漏洞标题:航空安全之海南航空DNS域传送漏洞#2

相关厂商:海南航空

漏洞作者: harbour_bin

提交时间:2015-10-22 17:22

修复时间:2015-12-07 08:58

公开时间:2015-12-07 08:58

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-10-22: 细节已通知厂商并且等待厂商处理中
2015-10-23: 厂商已经确认,细节仅向厂商公开
2015-11-02: 细节向核心白帽子及相关领域专家公开
2015-11-12: 细节向普通白帽子公开
2015-11-22: 细节向实习白帽子公开
2015-12-07: 细节向公众公开

简要描述:

RT
赶紧测试了其他的DNS服务器, 又发现一处, 赶紧的吧!

详细说明:

另外一处, IP地址不一样.

> server ns2.hnair.com
默认服务器: ns2.hnair.com
Address: 221.11.139.153
> ls -d hnair.com


DNS1.png

漏洞证明:

> server ns2.hnair.com
默认服务器: ns2.hnair.com
Address: 221.11.139.153
> ls -d hnair.com
[ns2.hnair.com]
hnair.com. SOA ns1.hnair.com hostmaster.ns1.hnair.com. (
2014031205 28800 7200 604800 86400)
hnair.com. NS ns1.hnair.com
hnair.com. NS ns2.hnair.com
hnair.com. A 114.251.242.10
hnair.com. A 1.202.236.138
hnair.com. MX 10 Edge.hnair.com
hnair.com. MX 15 edgebj.hnair.com
biz A 122.119.114.17
uat-hnass A 114.251.242.106
smtp A 202.100.200.45
smtp A 221.11.139.145
ecargo A 202.100.226.70
ecargo A 221.11.139.135
bigip A 202.100.226.85
bigip A 221.11.139.159
wwwakamai A 114.251.242.10
wwwakamai A 1.202.236.138
hna-technik A 202.100.200.76
hna-technik A 221.11.139.213
sftp A 202.100.226.89
sftp A 221.11.139.149
flysafety A 202.100.203.92
crl A 114.251.242.66
crl A 1.202.236.194
eterm A 202.100.200.43
gcl_test A 202.100.226.84
gcl_test A 221.11.139.142
pachna A 113.59.108.82
pachna A 202.100.226.160
conference A 221.11.139.133
meijia A 202.100.226.85
meijia A 221.11.139.159
cargo A 202.100.226.79
cargo A 221.11.139.201
syismtp A 123.124.170.122
vpnbj A 220.194.19.208
m A 202.100.200.92
m A 221.11.139.229
global A 82.150.228.78
ru.global A 82.150.227.38
fr.global A 82.150.227.38
de.global A 82.150.227.38
www.qa.global A 82.150.231.14
kr.global A 82.150.227.38
tw.global A 82.150.227.38
www.global A 82.150.227.38
ffp.global A 203.105.33.190
srm A 202.100.226.94
booking A 202.100.226.76
booking A 221.11.139.137
gziptest A 114.251.242.92
gziptest A 1.202.236.219
zzgq A 113.59.108.95
zzgq A 202.100.226.170
uat-pay-hnass A 114.251.242.106
cuxiao A 124.42.34.68
wechat A 114.251.242.165
wechat A 1.202.236.182
taocaile A 202.100.200.93
taocaile A 221.11.139.227
mail A 114.251.242.124
mail A 1.202.236.252
mail A 1.202.236.247
mail A 114.251.242.119
usmtp A 123.124.170.2
qa A 82.150.226.122
bms A 202.100.226.84
bms A 221.11.139.142
bj A 202.99.11.14
ticket A 202.100.200.35
ticket A 221.11.139.140
ismtp A 202.100.200.45
ismtp A 202.100.200.202
ismtp A 202.100.226.81
ismtp A 202.100.226.90
ismtp A 221.11.139.145
ismtp A 221.11.139.158
ismtp A 221.11.139.202
ismtp A 221.11.139.162
ismtp A 202.100.200.201
ismtp A 221.11.139.196
ismtp A 202.100.226.183
ismtp A 113.59.108.108
sso A 202.100.200.66
sso A 221.11.139.198
etermbj01 A 114.251.242.100
etermbj02 A 123.124.170.70
dialin A 113.59.108.103
dialin A 202.100.226.178
uat-pic-hnass A 114.251.242.106
cd A 202.98.127.35
ffpservice A 114.251.242.112
ehomemobile A 202.100.226.87
ehomemobile A 221.11.139.148
photo A 202.100.226.68
photo A 221.11.139.133
meet A 113.59.108.103
meet A 202.100.226.178
efb A 202.100.200.83
efb A 221.11.139.219
webcheckin A 122.119.122.63
gcl A 202.100.200.38
gcl A 221.11.139.181
pop3 A 202.100.200.45
pop3 A 221.11.139.145
flying A 202.100.226.87
flying A 221.11.139.148
sunclub A 202.100.200.41
ffpakamai A 202.100.200.89
ffpakamai A 221.11.139.225
de A 114.251.242.28
de A 1.202.236.156
icc A 202.100.200.95
icc A 221.11.139.230
sitemap A 114.251.242.36
sitemap A 1.202.236.164
entest A 202.100.200.211
entest A 202.100.226.85
entest A 221.11.139.159
entest A 221.11.139.177
pay A 202.100.226.89
pay A 221.11.139.149
flight A 202.100.203.90
qq A 119.147.14.182
qq A 58.251.58.43
hnadl A 202.100.200.99
hnadl A 221.11.139.234
lsapps A 114.251.242.94
lsapps A 1.202.236.222
cntest A 202.100.200.211
cntest A 202.100.226.85
cntest A 221.11.139.159
cntest A 221.11.139.177
hnaops1 A 202.100.200.60
pcm A 171.17.130.33
wwwglobal A 82.150.227.38
3g A 202.100.200.92
3g A 221.11.139.229
push.3g A 113.59.108.97
push.3g A 202.100.226.172
nv.3g A 202.100.200.196
nv.3g A 221.11.139.165
sh A 202.101.8.4
hnas A 202.100.226.85
hnas A 221.11.139.159
ns1 A 202.100.200.53
ns2 A 221.11.139.153
ns3 A 114.251.242.9
tc A 123.124.170.53
cfm-hnass A 114.251.242.106
ns4 A 1.202.236.136
lyncdiscoverinternal A 113.59.108.103
lyncdiscoverinternal A 202.100.226.178
edge A 202.100.200.215
edge A 221.11.139.193
attorney A 202.100.200.37
attorney A 221.11.139.161
bigiptest A 202.100.200.206
bigiptest A 221.11.139.186
exbj A 114.251.242.119
exbj A 1.202.236.247
lyfepool01 A 113.59.108.103
lyfepool01 A 202.100.226.178
admin A 202.100.226.66
admin A 221.11.139.166
hnass A 114.251.242.106
bsc A 113.59.108.82
bsc A 202.100.226.160
studentpilot A 114.251.242.121
studentpilot A 1.202.236.249
gcl_ship A 202.100.20.79
gcl_ship A 221.11.139.214
qunar A 59.151.16.185
qunar A 59.151.16.186
manual A 202.100.200.89
manual A 221.11.139.225
et A 122.119.114.17
sip A 202.100.226.176
sip A 113.59.108.100
mobile A 202.100.226.92
mobile A 221.11.139.143
ftpgcb A 202.100.226.77
ftpgcb A 221.11.139.138
miaosha A 122.119.122.51
manage A 122.119.114.20
gca-technik A 221.11.139.213
gca-technik A 202.100.200.76
sz A 202.96.140.3
ccar147 A 202.100.200.69
lyncfe A 113.59.108.103
lyncfe A 202.100.226.178
trip A 202.100.200.96
trip A 221.11.139.231
scconsole1 A 202.100.200.212
scconsole1 A 221.11.139.180
pay-hnass A 114.251.242.106
flynet A 114.251.242.20
flynet A 1.202.236.157
3gservice A 202.100.200.214
3gservice A 221.11.139.189
scconsole2 A 202.100.200.212
scconsole2 A 221.11.139.180
vns A 202.100.200.50
vns A 221.11.139.150
cma A 202.100.200.41
cma A 221.11.139.207
yhjp A 113.59.108.92
yhjp A 202.100.226.167
pic-hnass A 114.251.242.106
us A 114.251.242.28
us A 1.202.236.156
ddm A 114.251.242.94
ddm A 1.202.236.222
hk A 202.82.191.179
opcfltws A 202.100.200.87
opcfltws A 221.11.139.223
gt A 202.100.200.44
gt A 221.11.139.156
edgebj A 114.251.242.11
edgebj A 1.202.236.139
wh A 202.103.14.40
wsmtp A 221.11.139.172
wsmtp A 221.11.137.193
xa A 61.134.3.140
vpn A 202.100.200.47
vpn A 221.11.139.147
xb A 114.251.242.107
xb A 1.202.236.235
lyncdiscover A 113.59.108.103
lyncdiscover A 202.100.226.178
opcflt A 114.251.242.43
opcflt A 1.202.236.163
cncvpn A 221.11.137.193
gsmtp A 202.100.200.60
im A 202.100.200.195
im A 221.11.139.209
office A 113.59.108.102
office A 202.100.226.177
mobile-www1 A 202.100.200.212
eterm2 A 202.100.200.197
msn A 202.100.200.36
msn A 221.11.139.160
hbdt A 114.251.242.90
hbdt A 1.202.236.217
edge2 A 202.100.200.60
edge2 A 221.11.139.131
app A 114.251.242.145
app A 1.202.236.243
wx A 114.251.242.165
wx A 1.202.236.182
lsapl A 114.251.242.94
lsapl A 1.202.236.222
staffcard A 202.100.200.76
staffcard A 221.11.139.213
wx1 A 114.251.242.163
apps A 202.100.226.80
apps A 221.11.139.141
mcloud A 114.251.242.175
mcloud A 1.202.236.222
agentclub A 202.100.200.37
agentclub A 221.11.139.161
barracuda A 202.100.200.215
barracuda A 221.11.139.193
holiday A 113.59.108.85
holiday A 202.100.226.163
chenfeng A 202.100.200.39
chenfeng A 221.11.139.139
test1 CNAME test1.hnair.com.chinacache.net
mobilehnasis A 221.11.139.173
mobilehnasis A 202.100.200.209
lk A 202.100.200.212
lk A 221.11.139.180
photoes A 202.100.200.57
photoes A 221.11.139.157
test2 A 202.100.200.221
test2 A 221.11.139.254
testtaocaile A 202.100.200.94
testtaocaile A 221.11.139.226
ftp A 202.100.200.57
ftp A 221.11.139.157
weixin A 114.251.242.165
weixin A 1.202.236.182
agent A 122.119.114.17
test A 202.100.200.87
test A 221.11.139.223
www.test A 202.100.226.74
www.test A 221.11.139.168
ffptest A 202.100.200.207
ffptest A 221.11.139.186
hnair.com. SOA ns1.hnair.com hostmaster.ns1.hnair.com. (
2014031205 28800 7200 604800 86400)
>

修复方案:

...
RT:如果审核觉得麻烦, 我觉得合并也行的, 麻烦了

版权声明:转载请注明来源 harbour_bin@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-10-23 08:56

厂商回复:

谢谢,我们将立即安排整改

最新状态:

暂无