Vulnerability details
Apache Web Server Chunked Encoding Remote Overflow Vulnerability
- CNNVD ID: CNNVD-200207-041
- Severity: High
- CVE ID: CVE-2002-0392
- Vulnerability type: Unknown
- Published: 2002-06-18
- Threat type: Remote
- Updated: 2006-04-07
- Vendor: apache
- Source: Mark Litchfield※ m…
Vulnerability summary
Apache Web Server is a very popular, powerful open-source web server developed and maintained by the Apache Software Foundation. It runs on many operating system platforms, including Unix/Linux/BSD systems and Windows.
Apache has a design flaw in its handling of HTTP requests whose data is transferred with chunked encoding. A remote attacker may be able to use this flaw on some Apache servers to execute arbitrary instructions with the privileges of the web server process, or to cause a denial of service.
Chunked transfer encoding is a method defined in HTTP/1.1 by which a web client submits data to a server. When the server receives chunked data it allocates a buffer to hold it; if the total size of the data being submitted is unknown, the client sends it to the server in chunks of an agreed size.
Apache supports chunked encoding by default. It stores the chunk length in a signed variable and allocates a fixed-size stack buffer to hold the chunk data. As a safety measure, before copying chunk data into the buffer Apache checks the chunk length: if the chunk length is greater than the buffer length, Apache copies at most the buffer length of data; otherwise it copies as many bytes as the chunk length says. However, this check does not convert the chunk length to an unsigned type before the comparison. If an attacker sets the chunk length to a negative value, the check is bypassed and Apache copies an over-long chunk (at least >0x80000000 bytes) into the buffer, causing a buffer overflow.
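The signed-comparison flaw described above, shown as an added C illustration that is not code from this advisory or from Apache itself: the chunk-size parser, the buffer size CHUNK_BUF_SIZE and all function names are assumptions made for the example. It places the flawed signed check next to a hardened version that parses the size field into an unsigned value, rejects values that do not fit, and clamps the copy length to the buffer, so that a bit pattern which would have read as negative is treated like any other oversized chunk.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Fixed stack buffer size for this illustration (an assumption; the advisory
 * does not state the size Apache used). */
#define CHUNK_BUF_SIZE 8192

/* Parse the hexadecimal chunk-size field of a chunked-encoding size line,
 * e.g. "1a;ext=1\r\n".  Stops at the first non-hex character (chunk
 * extensions or CRLF).  Returns false when there are no hex digits or when
 * the value would overflow unsigned long, so an over-long value is rejected
 * instead of silently wrapping.  (Illustrative parser, not Apache's own.) */
bool parse_chunk_size(const char *line, unsigned long *out)
{
    unsigned long v = 0;
    int ndigits = 0;
    for (; *line; line++) {
        int d;
        if (*line >= '0' && *line <= '9')      d = *line - '0';
        else if (*line >= 'a' && *line <= 'f') d = *line - 'a' + 10;
        else if (*line >= 'A' && *line <= 'F') d = *line - 'A' + 10;
        else break;
        if (v > (ULONG_MAX >> 4))
            return false;             /* would not fit: treat as malformed */
        v = (v << 4) | (unsigned long)d;
        ndigits++;
    }
    if (ndigits == 0)
        return false;
    *out = v;
    return true;
}

/* The flawed pattern the advisory describes: the chunk length lives in a
 * signed variable and is compared with the buffer size while still signed.
 * A negative length is never "greater than bufsiz", so it survives the check
 * and is later handed to the copy routine as a size_t, where -16 becomes a
 * value far larger than any buffer. */
size_t copy_len_signed_check(long chunk_len, size_t bufsiz)
{
    long copy;
    if (chunk_len > (long)bufsiz)
        copy = (long)bufsiz;   /* clamp: the intended protection */
    else
        copy = chunk_len;      /* BUG: negative values fall through here */
    return (size_t)copy;       /* (size_t)-16 == SIZE_MAX - 15 */
}

/* Hardened form: keep the length unsigned for the comparison, so a bit
 * pattern that would have read as negative is simply a very large size and
 * is clamped to the buffer like any other oversized chunk. */
size_t copy_len_unsigned_check(unsigned long chunk_len, size_t bufsiz)
{
    return chunk_len > (unsigned long)bufsiz ? bufsiz : (size_t)chunk_len;
}

/* End-to-end hardened path for one size line: reject unparsable or
 * overflowing sizes, otherwise bound the copy length to the buffer. */
bool bounded_copy_len(const char *size_line, size_t bufsiz, size_t *copy)
{
    unsigned long n;
    if (!parse_chunk_size(size_line, &n))
        return false;                 /* caller should answer 400 Bad Request */
    *copy = copy_len_unsigned_check(n, bufsiz);
    return true;
}

int main(void)
{
    /* Constructed size lines: a normal 16-byte chunk and one whose value
     * has the top bit set (it would read as negative in a signed long). */
    const char *lines[] = { "10\r\n", "FFFFFFFFFFFFFFF0;x=y\r\n" };
    for (size_t i = 0; i < 2; i++) {
        size_t copy;
        if (bounded_copy_len(lines[i], CHUNK_BUF_SIZE, &copy))
            printf("line %zu: copy %zu bytes\n", i, copy);
        else
            printf("line %zu: rejected\n", i);
    }
    printf("signed check with -16: %zu bytes\n",
           copy_len_signed_check(-16, CHUNK_BUF_SIZE));
    return 0;
}
```

The point of the hardened path is that the decision is made on the unsigned representation and that values the parser cannot represent are refused up front, which is what the advisory's fix direction amounts to: a negative or wrapped length never reaches the copy.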
For Apache 1.3 through 1.3.24 (inclusive), it has been confirmed that on Win32 a remote attacker can use this vulnerability to execute arbitrary code. On UNIX, code execution has been confirmed at least on OpenBSD. The following systems are also reported to be exploitable:
* Sun Solaris 6-8 (sparc/x86)
* FreeBSD 4.3-4.5 (x86)
* OpenBSD 2.6-3.1 (x86)
* Linux (GNU) 2.4 (x86)
For Apache 2.0 through 2.0.36 (inclusive), the same problematic code is present, but it detects the error condition and makes the child process exit.
Depending on various factors, including the threading model supported by the affected system, this vulnerability can cause a denial of service in Apache web servers running on a variety of operating systems.
Vulnerability announcement
Temporary workaround:
There is no good temporary workaround for this vulnerability. Since working exploit code has already been published, we recommend upgrading to the latest Apache version immediately.
Vendor patches:
Apache Group
————
Apache Group has released a security bulletin (SB-20020617) and corresponding upgrades:
SB-20020617: Apache httpd: vulnerability with chunked encoding
Link: http://httpd.apache.org/info/security_bulletin_20020617.txt
The latest versions can be downloaded from:
Apache 1.3.26:
Apache 2.0.39:
http://www.apache.org/dist/httpd/
Debian
——
Debian has released a security advisory (DSA-131-1) and corresponding patches:
DSA-131-1: Apache chunk handling vulnerability
Link: http://www.debian.org/security/2002/dsa-131
Patch downloads:
Source archives:
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9-14.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9-14.1.dsc
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9.orig.tar.gz
Architecture independent archives:
http://security.debian.org/dists/stable/updates/main/binary-all/apache-doc_1.3.9-14.1_all.deb
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-common_1.3.9-14.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-dev_1.3.9-14.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache_1.3.9-14.1_alpha.deb
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/apache-common_1.3.9-14.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/apache-dev_1.3.9-14.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/apache_1.3.9-14.1_arm.deb
Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/apache-common_1.3.9-14.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/apache-dev_1.3.9-14.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/apache_1.3.9-14.1_i386.deb
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-common_1.3.9-14.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-dev_1.3.9-14.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache_1.3.9-14.1_m68k.deb
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-common_1.3.9-14.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-dev_1.3.9-14.1_powerpc.deb
http://security.debian.org/dists/stable/up
Patch installation:
1. Install the patch packages manually:
First, download the patch package with:
# wget url (url is the patch download link)
Then install it with:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch packages automatically with apt-get:
First, update the local package database:
# apt-get update
Then install the updated packages:
# apt-get upgrade
FreeBSD
——-
FreeBSD has released a security notice (FreeBSD-SN-02:04) and corresponding patches:
FreeBSD-SN-02:04: security issues in ports
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:04.asc
To upgrade to a fixed port package, use either of the following two methods:
1) Update your "Ports Collection", then rebuild and reinstall the port. The following tools can make the upgrade easier:
/usr/ports/devel/portcheckout
/usr/ports/misc/porteasy
/usr/ports/sysutils/portupgrade
2) Deinstall the old port package, then fetch and install a new package from:
[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/
OpenBSD
——-
The vendor has released an upgrade patch for this security issue; download it from the vendor's site:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch
More information is available at:
http://www.openbsd.org/errata.html#httpd
RedHat
——
RedHat has released a security advisory (RHSA-2002:103-13) and corresponding patches:
RHSA-2002:103-13: Updated Apache packages fix chunked encoding issue
Link: https://www.redhat.com/support/errata/RHSA-2002-103.html
Patch downloads:
Red Hat Linux 6.2:
SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/apache-1.3.22-5.6.src.rpm
alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/apache-1.3.22-5.6.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/apache-devel-1.3.22-5.6.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/apache-manual-1.3.22-5.6.alpha.rpm
i386:
ftp://updates.redhat.com/6.2/en/os/i386/apache-1.3.22-5.6.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/apache-devel-1.3.22-5.6.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/apache-manual-1.3.22-5.6.i386.rpm
sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/apache-1.3.22-5.6.sparc.rpm
References
- CERT/CC Advisory CA-2002-17: http://www.cert.org/advisories/CA-2002-17.html
- US-CERT Vulnerability Note VU#944335: http://www.kb.cert.org/vuls/id/944335
- httpd.apache.org: http://httpd.apache.org/info/security_bulletin_20020617.txt
- HP SSRT050968: http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475
- BID 5033: http://www.securityfocus.com/bid/5033
- BID 20005: http://www.securityfocus.com/bid/20005
- REDHAT RHSA-2003:106: http://www.redhat.com/support/errata/RHSA-2003-106.html
- REDHAT RHSA-2002:150: http://www.redhat.com/support/errata/RHSA-2002-150.html
- REDHAT RHSA-2002:126: http://www.redhat.com/support/errata/RHSA-2002-126.html
- OSVDB 838: http://www.osvdb.org/838
- SUSE SuSE-SA:2002:022: http://www.novell.com/linux/security/advisories/2002_22_apache.html
- ENGARDE ESA-20020619-014: http://www.linuxsecurity.com/advisories/other_advisory-2137.html
- XF apache-chunked-encoding-bo(9249): http://www.iss.net/security_center/static/9249.php
- FRSIRT ADV-2006-3598: http://www.frsirt.com/english/advisories/2006/3598
- DEBIAN DSA-133: http://www.debian.org/security/2002/dsa-133
- DEBIAN DSA-132: http://www.debian.org/security/2002/dsa-132
- DEBIAN DSA-131: http://www.debian.org/security/2002/dsa-131
- SECUNIA 21917: http://secunia.com/advisories/21917
- REDHAT RHSA-2002:118: http://rhn.redhat.com/errata/RHSA-2002-118.html
- REDHAT RHSA-2002:117: http://rhn.redhat.com/errata/RHSA-2002-117.html
- REDHAT RHSA-2002:103: http://rhn.redhat.com/errata/RHSA-2002-103.html
- BUGTRAQ 20020621 [SECURITY] Remote exploit for 32-bit Apache HTTP Server known: http://online.securityfocus.com/archive/1/278149
- HP HPSBUX0207-197: http://online.securityfocus.com/advisories/4257
- HP HPSBTL0206-049: http://online.securityfocus.com/advisories/4240
- MANDRAKE MDKSA-2002:039: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:039
- CONECTIVA CLSA-2002:498: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498
- BUGTRAQ 20020621 [slackware-security] new apache/mod_ssl packages available: http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.html
- BUGTRAQ 20020619 [OpenPKG-SA-2002.004] OpenPKG Security Advisory (apache): http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.html
- SGI 20020605-01-I: ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I
- SGI 20020605-01-A: ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A
- CALDERA CSSA-2002-SCO.31: ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31
- CALDERA CSSA-2002-SCO.32: ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32
- CALDERA CSSA-2002-029.0: ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt