Vulnerability found in Apache http server

Recently the news broke that a new attack against the Apache http server had been found, one that was not fixed in the 2.4.50 update and that allows access to files located outside the site's root directory.

In addition, researchers found a method that, under certain non-standard settings, allows not only reading system files but also remotely executing code on the server.

The fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this can allow remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

In essence, the new issue (already catalogued as CVE-2021-42013) is practically identical to the original vulnerability (CVE-2021-41773) in 2.4.49; the only difference lies in a different character encoding.

In particular, version 2.4.50 blocked the use of the "%2e" sequence to encode a dot, but it missed the possibility of double encoding: when the sequence "%%32%65" is specified, the server decodes it to "%2e", and then to ".", so the "../" characters used to move to the parent directory could be encoded as ".%%32%65/".

Both CVEs are in fact practically the same path traversal vulnerability (the second being an incomplete fix for the first). The path traversal only works from URI-mapped paths (for example, via Apache's "Alias" or "ScriptAlias" directives). DocumentRoot alone is not enough.

As for exploiting the vulnerability to achieve code execution, this is possible if mod_cgi is enabled and the path used is one in which CGI scripts are allowed to run (for example, if the ScriptAlias directive is enabled or the ExecCGI flag is specified in the Options directive).

It is noted that a further prerequisite for a successful attack is that the Apache configuration explicitly grants access to directories containing executable files, such as /bin, or to the root of the filesystem, "/". Since such access is not normally granted, the code execution attack is of little use against real systems.

At the same time, the attack that retrieves the contents of arbitrary system files and the source code of web scripts readable by the user under which the http server runs remains relevant. To carry out this attack, it is enough for the site to have a directory configured using the "Alias" or "ScriptAlias" directives (DocumentRoot is not enough), such as "cgi-bin".

In addition, it is mentioned that the problem mainly affects continuously updated (Rolling Release) distributions such as Fedora, Arch Linux and Gentoo, as well as FreeBSD ports.

Linux distributions that follow the stable branches of server distributions, such as Debian, RHEL, Ubuntu and SUSE, are not vulnerable. The problem does not occur if access to the directories is explicitly denied using the "require all denied" setting.

It is also worth mentioning that on October 6-7, Cloudflare recorded more than 300 attempts per day to exploit the CVE-2021-41773 vulnerability. Most of the observed attacks were automated; they requested the contents of "/cgi-bin/.%2e/.git/config", "/cgi-bin/.%2e/app/etc/local.xml", "/cgi-bin/.%2e/app/etc/env.php" and "/cgi-bin/.%2e/%2e%2e/%2e%2e/etc/passwd".
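The double-decoding behaviour described above is exactly what a log-based detector has to reproduce: a request path must be percent-decoded repeatedly before checking for ".." segments, otherwise the "%%32%65" form slips past a single decode. The following is an added example, not code from the article or from the Apache project; the access-log lines are constructed, reusing the request paths the article attributes to Cloudflare's observations.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the article). The request paths
# mirror the CVE-2021-41773 / CVE-2021-42013 probes the article describes.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Oct/2021:10:00:01 +0000] "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 403 199
203.0.113.5 - - [07/Oct/2021:10:00:02 +0000] "GET /cgi-bin/.%%32%65/%%32%65%%32%65/etc/passwd HTTP/1.1" 200 1234
198.51.100.9 - - [07/Oct/2021:10:00:03 +0000] "GET /cgi-bin/.%2e/.git/config HTTP/1.1" 404 196
198.51.100.9 - - [07/Oct/2021:10:00:04 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 512
"""

# Common Log Format: client IP, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def decode_rounds(path, max_rounds=3):
    """Percent-decode until the path stops changing.
    Returns (decoded_path, rounds_needed). "%%32%65" needs two rounds:
    "%%32%65" -> "%2e" -> "."."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
        rounds += 1
    return path, rounds


def classify_request(path):
    """Flag any ".." segment in the fully decoded path and say how it was hidden."""
    decoded, rounds = decode_rounds(path)
    if ".." not in decoded.split("?", 1)[0].split("/"):
        return "clean"
    if rounds >= 2:
        return "traversal-double-encoded"   # CVE-2021-42013 style
    if rounds == 1:
        return "traversal-encoded"          # CVE-2021-41773 style
    return "traversal-plain"                # raw "../", normally rejected by Apache


def scan_log(text):
    """Return (ip, path, verdict, status) for every suspicious request.
    A 200 on a flagged request means the traversal actually succeeded."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify_request(m.group(2))
        if verdict != "clean":
            findings.append((m.group(1), m.group(2), verdict, int(m.group(3))))
    return findings
```

Requests that score anything other than "clean" and returned 200 are the ones worth investigating; the same decoded view also shows whether a given Alias target needs an explicit "Require all denied" on its parent directories.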

The problem only occurs in versions 2.4.49 and 2.4.50; earlier releases are not affected. To fix the new variant of the vulnerability, Apache httpd 2.4.51 was released promptly.

Finally, if you want to know more about it, you can check the details in the following link.

