
Vulnerability summary

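Bug ID: wooyun-2016-0200381

Vulnerability title: Multiple vulnerabilities in the Netentsec (网康) gateway device used by Moutai E-commerce (serious impact on intranet security)

Related vendor: emaotai.cn

Vulnerability author: 路人甲

Submitted: 2016-04-25 10:49

Fixed: 2016-06-09 11:10

Made public: 2016-06-09 11:10

Vulnerability type: Command execution

Severity: High

Self-assessed Rank: 20

Vulnerability status: Confirmed by the vendor

Vulnerability source: http://www.wooyun.org; for questions or help, please contact [email protected]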



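Vulnerability details

Disclosure status:

2016-04-25: Details reported to the vendor; awaiting vendor handling
2016-04-25: Vendor confirmed; details disclosed to the vendor only
2016-05-05: Details disclosed to core white hats and experts in related fields
2016-05-15: Details disclosed to regular white hats
2016-05-25: Details disclosed to trainee white hats
2016-06-09: Details disclosed to the public

Brief description:

Multiple vulnerabilities in the Netentsec (网康) gateway device used by Moutai E-commerce (serious impact on intranet security)

Detailed description:

The gateway system of the Moutai finance company is actually a Netentsec (网康) product and has multiple remote high-risk vulnerabilities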
https://gmc.china-moutai.com/vpnweb/index.php?para=index
http://www.wooyun.org/corps/%E7%BD%91%E5%BA%B7%E7%A7%91%E6%8A%80
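WooYun: Netentsec NS-ASG application security gateway arbitrary file upload (no login required)
WooYun: Netentsec NS-ASG application security gateway SQL injection vulnerability

Proof of vulnerability: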

[*] 基本信息 [ 	Linux localhost.localdomain 2.6.26-lfs-prayfly-isc #8 SMP Wed Mar 21 20:47:38 CST 2012 i686(root) ]
[/Isc/third-party/httpd/htdocs/vpnweb/]$ /sbin/ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:10:F3:24:D2:60
inet addr:192.168.1.23 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:16 Memory:fe6e0000-fe700000
eth1 Link encap:Ethernet HWaddr 00:10:F3:24:D2:61
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:17 Memory:fe7e0000-fe800000
eth2 Link encap:Ethernet HWaddr 00:10:F3:24:D2:62
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:18 Memory:fe8e0000-fe900000
eth3 Link encap:Ethernet HWaddr 00:10:F3:24:D2:63
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:19 Memory:fe9e0000-fea00000
eth4 Link encap:Ethernet HWaddr 00:10:F3:24:D2:64
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:16 Memory:feae0000-feb00000
eth5 Link encap:Ethernet HWaddr 00:10:F3:24:D2:65
inet addr:172.27.8.61 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:345524388 errors:22 dropped:0 overruns:0 frame:22
TX packets:291680550 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2905934586 (2771.3 Mb) TX bytes:1494695066 (1425.4 Mb)
Interrupt:17 Memory:febe0000-fec00000
gre0 Link encap:UNSPEC HWaddr 00-00-00-00-17-59-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1476 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ip6tnl0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1460 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:504113043 errors:0 dropped:0 overruns:0 frame:0
TX packets:504113043 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:630519569 (601.3 Mb) TX bytes:630519569 (601.3 Mb)
sit0 Link encap:UNSPEC HWaddr 00-00-00-00-94-25-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
teql0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:91153225 errors:0 dropped:8827 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:1 carrier:0
collisions:0 txqueuelen:500
RX bytes:2345603667 (2236.9 Mb) TX bytes:0 (0.0 b)
tun0:1412 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.27.212.1 P-t-P:172.27.212.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
tunl0 Link encap:IPIP Tunnel HWaddr
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[/Isc/third-party/httpd/htdocs/vpnweb/]$

Fix:

Update the device or take it offline

Copyright notice: when reposting, please credit the source 路人甲@乌云


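Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2016-04-25 11:04

Vendor reply:

Thank you for your feedback; we will fix this as soon as possible

Latest status:

None yet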