同花顺DNS域传送

漏洞概要

缺陷编号:WooYun-2012-016737

漏洞标题:同花顺DNS域传送

相关厂商:同花顺

漏洞作者:沦沦

提交时间:2012-12-31 15:22

公开时间:2013-01-05 15:23

漏洞类型:网络敏感信息泄漏

危害等级:低

自评Rank:3

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

Tags标签:

漏洞详情

披露状态:

2012-12-31: 细节已通知厂商并且等待厂商处理中
2012-12-31: 厂商已查看当前漏洞内容,细节仅向厂商公开
2013-01-05: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

同花顺DNS域传送

详细说明:

Trying Zone Transfers and getting Bind Versions:_________________________________________________Trying Zone Transfer for 10jqka.com.cn on ns2.10jqka.com.cn ...10jqka.com.cn 600 IN SOA10jqka.com.cn 60 IN A 220.189.211.1710jqka.com.cn 14400 IN NS10jqka.com.cn 14400 IN NS10jqka.com.cn 14400 IN MX10jqka.com.cn 14400 IN MX10jqka.com.cn 14400 IN MX10jqka.com.cn 14400 IN TXT3650.10jqka.com.cn 60 IN CNAME388c.10jqka.com.cn 60 IN CNAME515.10jqka.com.cn 60 IN CNAME535.10jqka.com.cn 60 IN CNAME6600.10jqka.com.cn 60 IN CNAME6x.10jqka.com.cn 180 IN A 172.20.0.1137610.10jqka.com.cn 60 IN CNAME7650.10jqka.com.cn 60 IN CNAME8390.10jqka.com.cn 60 IN CNAME_domainkey.10jqka.com.cn 3600 IN TXThexin._domainkey.10jqka.com.cn 3600 IN TXTa760.10jqka.com.cn 60 IN CNAMEa768.10jqka.com.cn 60 IN CNAMEa890.10jqka.com.cn 60 IN CNAMEaa.10jqka.com.cn 60 IN CNAMEactivity.10jqka.com.cn 60 IN CNAMEad.10jqka.com.cn 60 IN CNAMEadv.10jqka.com.cn 60 IN CNAMEam.10jqka.com.cn 60 IN CNAMEambp.10jqka.com.cn 60 IN CNAMEapi.10jqka.com.cn 60 IN CNAMEask.10jqka.com.cn 60 IN CNAMEauth.10jqka.com.cn 60 IN CNAMEauth2.10jqka.com.cn 60 IN CNAMEauto.10jqka.com.cn 60 IN A 118.67.112.116badminton.10jqka.com.cn 60 IN CNAMEbar.10jqka.com.cn 60 IN CNAMEbasic.10jqka.com.cn 60 IN CNAMEbbs.10jqka.com.cn 60 IN CNAMEbbs1.10jqka.com.cn 60 IN CNAMEbbs2.10jqka.com.cn 60 IN CNAMEbbsclick.10jqka.com.cn 60 IN CNAMEblog.10jqka.com.cn 60 IN CNAMEblogclick.10jqka.com.cn 60 IN CNAMEbond.10jqka.com.cn 60 IN CNAMEbroker.10jqka.com.cn 60 IN CNAMEbs.10jqka.com.cn 60 IN CNAMEcacheml.10jqka.com.cn 14400 IN A 120.193.10.106cacheml.10jqka.com.cn 14400 IN A 120.193.9.137cacheml.10jqka.com.cn 14400 IN A 120.193.10.108cacheml.10jqka.com.cn 14400 IN A 120.193.10.109cachemlx.10jqka.com.cn 14400 IN A 120.193.10.106cachemlx.10jqka.com.cn 14400 IN A 120.193.9.137cachemlx.10jqka.com.cn 14400 IN A 120.193.10.109cachenle.10jqka.com.cn 14400 IN A 60.12.230.66cachenle.10jqka.com.cn 14400 IN A 60.12.230.67cachenle.10jqka.com.cn 14400 IN A 60.12.139.226cachenlh.10jqka.com.cn 14400 IN A 60.12.230.66cachenlh.10jqka.com.cn 14400 IN A 60.12.230.67cachenlh.10jqka.com.cn 14400 IN A 60.12.142.177cachenlh.10jqka.com.cn 14400 IN A 60.12.139.226cachenw.10jqka.com.cn 14400 IN A 60.12.230.66cachenw.10jqka.com.cn 14400 IN A 60.12.230.67cachenw.10jqka.com.cn 14400 IN A 60.12.139.226cachenw.10jqka.com.cn 14400 IN A 60.217.234.6cachenw.10jqka.com.cn 14400 IN A 125.39.116.178cachenw.10jqka.com.cn 14400 IN A 218.25.69.242cachenwh.10jqka.com.cn 14400 IN A 60.12.230.66cachenwh.10jqka.com.cn 14400 IN A 60.12.230.67cachenwh.10jqka.com.cn 14400 IN A 60.12.142.177

漏洞证明:

修复方案:

更改DNS服务器配置

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2013-01-05 15:23

厂商回复:

最新状态:

2014-11-06:已经修复

评价