首页 -> 安全研究
安全研究
安全漏洞
Mod_SSL Wildcard DNS跨站脚本执行漏洞
发布日期:2002-10-22
更新日期:2002-10-28
受影响系统:
OpenPKG OpenPKG Current描述:
OpenPKG OpenPKG 1.1
OpenPKG OpenPKG 1.0
Mod_SSL mod_ssl 2.4.10
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 sparc
- Debian Linux 2.2 68k
- Debian Linux 2.2 IA-32
Mod_SSL mod_ssl 2.8.10
- Debian Linux 3.0 IA-32
- Debian Linux 3.0 alpha
- Debian Linux 3.0 i386
- Debian Linux 3.0 68k
- Debian Linux 3.0 arm
- Mandrake Linux 9.0
- Mandrake Linux 8.2
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- Mandrake Linux 7.2
BUGTRAQ ID: 6029
CVE(CAN) ID: CVE-2002-1157
Mod_SSL是Apache服务器上的SSL实现,用来为Apache Web服务器提供加密支持。
Apache使用mod_ssl模块时会返回没有过滤的服务器名,远程攻击者可以利用这个漏洞构建恶意WEB页,诱使用户点击,进行跨站脚本执行攻击。
当服务器使用"UseCanonicalName off"(默认情况下不是默认设置)和统配DNS结合的配置时,就可以导致这个跨站脚本执行攻击漏洞。如果这个设置为off的情况下,Apache就会使用Hostname:port应答HTTP请求,不过在返回的时候没有对hostname数据进行正确的过滤。如果这个设置为on的情况下,Apache就构建自引用URL和使用ServerName:port形式进行应答。
攻击者可以通过构建包含主机名为任意HTML和脚本代码的链接,诱使目标用户点击链接,就可以导致攻击者提供的脚本代码在客户端浏览器上执行,可窃取基于Cookie认证的信息,也可能获得本地文件内容。
<*来源:Joe Orton.
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103538612014403&w=2
http://www.debian.org/security/2002/dsa-181
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 暂时关闭浏览器的javascript功能。
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-181-1)以及相应补丁:
DSA-181-1:New mod_ssl packages fix cross site scripting
链接:http://www.debian.org/security/2002/dsa-181
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4.dsc
Size/MD5 checksum: 705 db7c60ce194c218b07b79968585a3065
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4.diff.gz
Size/MD5 checksum: 20194 4c9fd112ca2a50ccbb21f76917012b88
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9.orig.tar.gz
Size/MD5 checksum: 695247 cb0f2e07065438396f0d5df403dd2c16
Architecture independent components:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.4.10-1.3.9-1potato4_all.deb
Size/MD5 checksum: 278090 12bc6e09fb5ec76f4b37ed5c295470eb
Alpha architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4_alpha.deb
Size/MD5 checksum: 211734 c4d690aed7c335ceeb204dd913e36a39
ARM architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4_arm.deb
Size/MD5 checksum: 203106 5847b3d90d092dfa6e806a6d9ee8fe90
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4_i386.deb
Size/MD5 checksum: 199266 6c89113c7cf5d0e82c436fe967c7b2f3
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4_m68k.deb
Size/MD5 checksum: 203612 0631d1e03e921c5a10ff2f4f6e0093f8
PowerPC architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4_powerpc.deb
Size/MD5 checksum: 201282 98666b5d76aa20e5a5e1b5ee331a9b71
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4_sparc.deb
Size/MD5 checksum: 202150 9f9df58c9cf85683d65ddd92f2c8551e
Debian GNU/Linux 3.0 alias woody
--------------------------------
Source archives:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1.dsc
Size/MD5 checksum: 678 8326399384a276295ed312f3314f8b2a
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1.diff.gz
Size/MD5 checksum: 21672 3c6e87aad1113d19c04e2824e7fc6345
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9.orig.tar.gz
Size/MD5 checksum: 752613 aad438a4eaeeee29ae74483f7afe9db0
Architecture independent components:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.8.9-2.1_all.deb
Size/MD5 checksum: 287898 7c5f6a20d23ec97bd7d0f8ec5bd14172
Alpha architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_alpha.deb
Size/MD5 checksum: 247800 0e6312d4ce0a5acd4f0291aff658f8ee
ARM architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_arm.deb
Size/MD5 checksum: 240094 9bf9083652950cc47033d4774de9737f
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_i386.deb
Size/MD5 checksum: 238156 9756a3701103f8779c65455c968898c3
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_ia64.deb
Size/MD5 checksum: 268682 b00a8b74ecda50dea58ab8ab199f8f33
HP Precision architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_hppa.deb
Size/MD5 checksum: 248092 102048ee2fa63c33d8076fc3a44b8305
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_m68k.deb
Size/MD5 checksum: 240990 4a8853fadd213fca4057dee5897f3225
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_mips.deb
Size/MD5 checksum: 236080 53a779235110dff18ecaf8806ac8b3f8
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_mipsel.deb
Size/MD5 checksum: 236018 3e1ed4ecc89de7cd2acdf21138ddf8ed
PowerPC architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_powerpc.deb
Size/MD5 checksum: 241870 e6fd0818db87cd255ce49109a334f01c
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_s390.deb
Size/MD5 checksum: 241976 15ce16daec984b8414e544b67e970920
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_sparc.deb
Size/MD5 checksum: 244152 b5fc2de1d7552c528262989c5983b63f
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2002:072)以及相应补丁:
MDKSA-2002:072:mod_ssl
链接:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
补丁下载:
Updated Packages:
Linux-Mandrake 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/mod_ssl-2.8.5-3.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/SRPMS/mod_ssl-2.8.5-3.2mdk.src.rpm
Mandrake Linux 8.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/mod_ssl-2.8.5-3.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/SRPMS/mod_ssl-2.8.5-3.2mdk.src.rpm
Mandrake Linux 8.0/ppc:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/mod_ssl-2.8.5-3.2mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/SRPMS/mod_ssl-2.8.5-3.2mdk.src.rpm
Mandrake Linux 8.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/mod_ssl-2.8.5-3.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/SRPMS/mod_ssl-2.8.5-3.2mdk.src.rpm
Mandrake Linux 8.1/ia64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/mod_ssl-2.8.5-3.2mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/SRPMS/mod_ssl-2.8.5-3.2mdk.src.rpm
Mandrake Linux 8.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/mod_ssl-2.8.7-3.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/SRPMS/mod_ssl-2.8.7-3.2mdk.src.rpm
Mandrake Linux 8.2/ppc:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/mod_ssl-2.8.7-3.2mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/SRPMS/mod_ssl-2.8.7-3.2mdk.src.rpm
Mandrake Linux 9.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/mod_ssl-2.8.10-5.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/SRPMS/mod_ssl-2.8.10-5.1mdk.src.rpm
Single Network Firewall 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/RPMS/mod_ssl-2.8.4-5.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/SRPMS/mod_ssl-2.8.4-5.2mdk.src.rpm
上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载:
http://www.mandrakesecure.net/en/ftp.php
OpenPKG
-------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
OpenPKG OpenPKG Current:
OpenPKG Upgrade apache-1.3.27-20021023.src.rpm
ftp://ftp.openpkg.org/current/SRC/apache-1.3.27-20021023.src.rpm
OpenPKG OpenPKG 1.0:
OpenPKG Upgrade apache-1.3.22-1.0.6.src.rpm
ftp://ftp.openpkg.org/release/1.0/UPD/apache-1.3.22-1.0.6.src.rpm
OpenPKG OpenPKG 1.1:
OpenPKG Upgrade apache-1.3.26-1.1.2.src.rpm
ftp://ftp.openpkg.org/release/1.1/UPD/apache-1.3.26-1.1.2.src.rpm
浏览次数:4997
严重程度:0(网友投票)
绿盟科技给您安全的保障