Apache Web Server Chunked Encoding Remote Overflow Vulnerability
Release date: 2002-06-18
Update date: 2002-06-20
Affected systems:
Apache Group Apache 2.0.34-BETA win32
Apache Group Apache 2.0.32-BETA win32
Apache Group Apache 2.0.28-BETA win32
Apache Group Apache 1.3.9win32
Apache Group Apache 1.3.9
Apache Group Apache 1.3.7-dev
Apache Group Apache 1.3.6win32
Apache Group Apache 1.3.4
Apache Group Apache 1.3.3
Apache Group Apache 1.3.24win32
Apache Group Apache 1.3.24
Apache Group Apache 1.3.23win32
Apache Group Apache 1.3.23
Apache Group Apache 1.3.22win32
Apache Group Apache 1.3.22
Apache Group Apache 1.3.20win32
Apache Group Apache 1.3.20
Apache Group Apache 1.3.19win32
Apache Group Apache 1.3.19
Apache Group Apache 1.3.18win32
Apache Group Apache 1.3.18
Apache Group Apache 1.3.17win32
Apache Group Apache 1.3.17
Apache Group Apache 1.3.16win32
Apache Group Apache 1.3.15win32
Apache Group Apache 1.3.14win32
Apache Group Apache 1.3.14Mac
Apache Group Apache 1.3.14
Apache Group Apache 1.3.13win32
Apache Group Apache 1.3.12win32
Apache Group Apache 1.3.12
Apache Group Apache 1.3.11win32
Apache Group Apache 1.3.11
Apache Group Apache 1.3.1
Apache Group Apache 1.3
Unaffected systems:
Apache Group Apache 2.0.39
Apache Group Apache 1.3.26
Description:
BUGTRAQ ID: 5033
CVE(CAN) ID: CVE-2002-0392
Apache Web Server is a very popular, powerful open-source web server developed and maintained by the Apache Software Foundation. It runs on many operating system platforms, such as Unix/Linux/BSD systems and Windows.
Apache has a design flaw in the way it handles HTTP requests whose data is transferred with chunked encoding. A remote attacker may be able to exploit it to execute arbitrary instructions with the privileges of the web server process on some Apache servers, or to mount a denial-of-service attack.
Chunked transfer encoding is a method defined in the HTTP/1.1 protocol for a web client to submit data to a server. When the server receives data in chunked encoding it allocates a buffer to hold it; when the total size of the data is not known in advance, the client submits it to the server in chunks of a negotiated size.
Apache supports chunked encoding by default. Apache stores the chunk length in a signed variable and allocates a fixed-size stack buffer to hold the chunk data. As a safety measure, before copying chunk data into the buffer Apache checks the chunk length: if the chunk length is greater than the buffer length, Apache copies at most the buffer length of data; otherwise it copies according to the chunk length. However, this check does not convert the chunk length to an unsigned type before comparing it. If an attacker sets the chunk length to a negative value, the check is bypassed and Apache copies an over-long chunk (at least >0x80000000 bytes) into the buffer, causing a buffer overflow.
For Apache 1.3 through 1.3.24 (inclusive), it has been confirmed that on Win32 systems a remote attacker can exploit this vulnerability to execute arbitrary code. On UNIX systems, code execution has been confirmed at least on OpenBSD. The following systems are also reported to be exploitable:
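The following C program is an added illustration of the flaw just described; it is not Apache code and was not written by the advisory's author. It places the signed-comparison clamp next to a hardened form that rejects negative lengths and compares as unsigned, and adds a chunk-size parser that checks for arithmetic overflow so the length can never wrap negative. The buffer size (8192) and all function names are assumptions made for this example.

```c
/* Added illustration of the signed-length check described in the advisory
 * (not Apache code). Buffer size and function names are assumptions. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CHUNK_BUF_SIZE 8192   /* assumed fixed stack buffer size, illustration only */

/* Vulnerable pattern: returns the byte count that would be handed to the copy
 * routine. The clamp compares as signed, so a negative chunk length is never
 * clamped, and converting it to size_t for the copy yields a huge value. */
size_t vulnerable_copy_len(long chunk_len, size_t buf_size)
{
    long len_to_copy = chunk_len;
    if (len_to_copy > (long)buf_size)   /* -1 > 8192 is false: clamp is skipped */
        len_to_copy = (long)buf_size;
    return (size_t)len_to_copy;         /* -1 becomes SIZE_MAX (>= 0x80000000) */
}

/* Hardened form: a negative length is an error, not data to copy, and the
 * clamp compares unsigned. Returns the clamped length, or -1 to reject. */
long hardened_copy_len(long chunk_len, size_t buf_size)
{
    if (chunk_len < 0)
        return -1;
    if ((size_t)chunk_len > buf_size)
        return (long)buf_size;
    return chunk_len;
}

static int hex_digit(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hardened parser for a chunk-size line such as "1a2b;ext=val\r\n": hex digits
 * are accumulated with an explicit overflow check, so the value can never wrap
 * into a negative number; empty or malformed size fields are rejected.
 * Returns the size (0..LONG_MAX) or -1 on error. */
long parse_chunk_size(const char *line)
{
    long value = 0;
    int ndigits = 0;

    for (; *line; line++) {
        int d = hex_digit((unsigned char)*line);
        if (d < 0)
            break;                       /* end of the hex size field */
        if (value > (LONG_MAX - d) / 16)
            return -1;                   /* value * 16 + d would overflow */
        value = value * 16 + d;
        ndigits++;
    }
    if (ndigits == 0)
        return -1;                       /* no size digits at all */
    /* Only a chunk-extension, CRLF or end of string may follow the digits. */
    if (*line != '\0' && *line != ';' && *line != '\r' && *line != '\n')
        return -1;
    return value;
}

int main(void)
{
    /* Constructed sample chunk-size fields, including one too large to fit. */
    const char *samples[] = { "1a2b;name=val", "0", "zz", "ffffffffffffffffffff" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("parse_chunk_size(\"%s\") -> %ld\n", samples[i], parse_chunk_size(samples[i]));

    printf("vulnerable clamp of -1: %zu bytes (buffer is %d)\n",
           vulnerable_copy_len(-1, CHUNK_BUF_SIZE), CHUNK_BUF_SIZE);
    printf("hardened clamp of -1:   %ld (rejected)\n",
           hardened_copy_len(-1, CHUNK_BUF_SIZE));
    return 0;
}
```

The two copy-length functions are the heart of the comparison: with a chunk length of -1 the vulnerable clamp returns SIZE_MAX, while the hardened one refuses the request. The parser shows the other half of the fix, stopping the length from ever becoming negative in the first place.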
* Sun Solaris 6-8 (sparc/x86)
* FreeBSD 4.3-4.5 (x86)
* OpenBSD 2.6-3.1 (x86)
* Linux (GNU) 2.4 (x86)
Apache 2.0 through 2.0.36 (inclusive) contains the same problematic code, but it detects the error condition and makes the child process exit.
Depending on various factors, including the threading model supported by the affected system, this vulnerability can cause a denial of service in Apache web servers running on a range of operating systems.
<*Source: Mark Litchfield (mark@ngssoftware.com)
Links: http://archives.neohapsis.com/archives/bugtraq/2002-06/0176.html
http://httpd.apache.org/info/security_bulletin_20020617.txt
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20502
http://www.cert.org/advisories/CA-2002-17.html
https://www.redhat.com/support/errata/RHSA-2002-103.html
http://www.debian.org/security/2002/dsa-131
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:04.asc
http://www.suse.com/de/support/security/2002_022_apache.html
*>
Recommendations:
Temporary workaround:
There is no good temporary workaround for this vulnerability. Since a working exploit has already been published, we recommend upgrading to the latest Apache version immediately.
Vendor patches:
Apache Group
------------
The Apache Group has released a security bulletin (SB-20020617) and corresponding upgrades for this issue:
SB-20020617: Apache httpd: vulnerability with chunked encoding
Link: http://httpd.apache.org/info/security_bulletin_20020617.txt
You can download the latest versions from:
Apache 1.3.26:
Apache 2.0.39:
http://www.apache.org/dist/httpd/
Debian
------
Debian has released a security advisory (DSA-131-1) and corresponding patches for this issue:
DSA-131-1: Apache chunk handling vulnerability
Link: http://www.debian.org/security/2002/dsa-131
Patch download:
Source archives:
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9-14.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9-14.1.dsc
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9.orig.tar.gz
Architecture independent archives:
http://security.debian.org/dists/stable/updates/main/binary-all/apache-doc_1.3.9-14.1_all.deb
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-common_1.3.9-14.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-dev_1.3.9-14.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache_1.3.9-14.1_alpha.deb
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/apache-common_1.3.9-14.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/apache-dev_1.3.9-14.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/apache_1.3.9-14.1_arm.deb
Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/apache-common_1.3.9-14.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/apache-dev_1.3.9-14.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/apache_1.3.9-14.1_i386.deb
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-common_1.3.9-14.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-dev_1.3.9-14.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache_1.3.9-14.1_m68k.deb
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-common_1.3.9-14.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-dev_1.3.9-14.1_powerpc.deb
http://security.debian.org/dists/stable/up
Patch installation:
1. Install the patch packages manually:
First, download the patch with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch packages automatically with apt-get:
First, update the internal package database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade
FreeBSD
-------
FreeBSD has released a security notice (FreeBSD-SN-02:04) and corresponding patches for this issue:
FreeBSD-SN-02:04: security issues in ports
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:04.asc
To upgrade to a fixed port, use either of the following two methods:
1) Update your Ports Collection, then rebuild and reinstall the port. The following tools can make the upgrade easier:
/usr/ports/devel/portcheckout
/usr/ports/misc/porteasy
/usr/ports/sysutils/portupgrade
2) Uninstall the old port package, then fetch and install a new package from the following location:
[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/
OpenBSD
-------
The vendor has released an upgrade patch to fix this security issue; download it from the vendor's site:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch
For more information, see the following link:
http://www.openbsd.org/errata.html#httpd
RedHat
------
RedHat has released a security advisory (RHSA-2002:103-13) and corresponding patches for this issue:
RHSA-2002:103-13: Updated Apache packages fix chunked encoding issue
Link: https://www.redhat.com/support/errata/RHSA-2002-103.html
Patch download:
Red Hat Linux 6.2:
SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/apache-1.3.22-5.6.src.rpm
alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/apache-1.3.22-5.6.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/apache-devel-1.3.22-5.6.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/apache-manual-1.3.22-5.6.alpha.rpm
i386:
ftp://updates.redhat.com/6.2/en/os/i386/apache-1.3.22-5.6.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/apache-devel-1.3.22-5.6.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/apache-manual-1.3.22-5.6.i386.rpm
sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/apache-1.3.22-5.6.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/apache-devel-1.3.22-5.6.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/apache-manual-1.3.22-5.6.sparc.rpm
Red Hat Linux 7.0:
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/apache-1.3.22-5.7.1.src.rpm
alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/apache-1.3.22-5.7.1.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/apache-devel-1.3.22-5.7.1.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/apache-manual-1.3.22-5.7.1.alpha.rpm
i386:
ftp://updates.redhat.com/7.0/en/os/i386/apache-1.3.22-5.7.1.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/apache-devel-1.3.22-5.7.1.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/apache-manual-1.3.22-5.7.1.i386.rpm
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/apache-1.3.22-5.7.1.src.rpm
alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/apache-1.3.22-5.7.1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/apache-devel-1.3.22-5.7.1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/apache-manual-1.3.22-5.7.1.alpha.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/apache-1.3.22-5.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/apache-devel-1.3.22-5.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/apache-manual-1.3.22-5.7.1.i386.rpm
ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/apache-1.3.22-5.7.1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/apache-devel-1.3.22-5.7.1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/apache-manual-1.3.22-5.7.1.ia64.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/apache-1.3.22-6.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/apache-1.3.22-6.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/apache-devel-1.3.22-6.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/apache-manual-1.3.22-6.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/apache-1.3.22-6.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/apache-devel-1.3.22-6.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/apache-manual-1.3.22-6.ia64.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/apache-1.3.23-14.src.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/apache-1.3.23-14.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/apache-devel-1.3.23-14.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/apache-manual-1.3.23-14.i386.rpm
Install the patches with the following command:
rpm -Fvh [filename]
S.u.S.E.
--------
S.u.S.E. has released a security announcement (SuSE-SA:2002:022) and corresponding patches for this issue:
SuSE-SA:2002:022: apache
Link: http://www.suse.com/de/support/security/2002_022_apache.html
Patch download:
i386 Intel Platform:
SuSE-8.0
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/apache-1.3.23-120.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/apache-1.3.23-120.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n3/apache-devel-1.3.23-120.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n3/apache-devel-1.3.23-120.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n3/apache-doc-1.3.23-120.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n3/apache-doc-1.3.23-120.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec2/mod_ssl-2.8.7-88.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec2/mod_ssl-2.8.7-88.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/apache-1.3.23-120.src.rpm
SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/apache-1.3.20-66.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/apache-devel-1.3.20-66.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/apache-doc-1.3.20-66.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/sec2/mod_ssl-2.8.4-66.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/apache-1.3.20-66.src.rpm
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/apache-1.3.19-116.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/apache-devel-1.3.19-116.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/apache-doc-1.3.19-116.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/sec2/mod_ssl-2.8.3-56.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/apache-1.3.19-116.src.rpm
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/apache-1.3.19-115.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/sec2/mod_ssl-2.8.1-0.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/apache-1.3.19-115.src.rpm
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/apache-1.3.19-115.i386.rpm
ftp://ftp.suse.de/pub/suse/i386/update/7.0/sec1/mod_ssl-2.8.2-33.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/apache-1.3.19-115.src.rpm
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/apache-1.3.19-115.i386.rpm
ftp://ftp.suse.de/pub/suse/i386/update/6.4/sec1/mod_ssl-2.8.1-0.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/apache-1.3.19-115.src.rpm
PPC Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/apache-1.3.20-52.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/apache-devel-1.3.20-52.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/apache-doc-1.3.20-52.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/sec2/mod_ssl-2.8.4-52.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/apache-1.3.20-52.src.rpm
SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/apache-1.3.19-56.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/sec2/mod_ssl-2.8.1-0.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/apache-1.3.19-56.src.rpm
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/apache-1.3.19-56.ppc.rpm
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/sec1/mod_ssl-2.8.2-15.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/apache-1.3.19-56.src.rpm
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/apache-1.3.19-56.ppc.rpm
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/sec1/mod_ssl-2.8.1-0.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/apache-1.3.19-56.src.rpm
Patch installation:
Install the files with the command "rpm -Fhv file.rpm".
NSFOCUS (绿盟科技): your guarantee of security