     ARCHIVE :: nginx-ru
Nginx-ru mailing list archive (nginx-ru@sysoev.ru)


Re: nginx WebDAV Directory Traversal Security Issue



On Thu, Sep 24, 2009 at 08:45:05AM +0359, Роман Веретельников wrote:

> Hello.
> 
> This came in today via the Secunia mailing list:
> 
> TITLE:
> nginx WebDAV Directory Traversal Security Issue
> 
> SECUNIA ADVISORY ID:
> SA36818
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/36818/
> 
> DESCRIPTION:
> A security issue has been discovered in nginx, which can be exploited
> by malicious people to bypass certain security restrictions.
> 
> The security issue is caused by nginx not properly verifying the
> path for the WebDAV "MOVE" and "COPY" methods, which can be exploited
> to e.g. write to files outside the specified document root.
> 
> Successful exploitation requires that the server has been compiled
> with the http_dav_module and that the attacker is allowed to use the
> "MOVE" or "COPY" methods.
> 
> The security issue is reported in version 0.7.61 and confirmed in
> version 0.7.62. Other versions may also be affected.
> 
> SOLUTION:
> Restrict access to trusted users only.

Thanks, we'll fix it, but in general I would never allow PUT/DELETE/MOVE/COPY
for non-trusted users.

> PROVIDED AND/OR DISCOVERED BY:
> Kingcope
> 
> ORIGINAL ADVISORY:
> http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html


-- 
Игорь Сысоев
http://sysoev.ru
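The mitigation that both the advisory ("restrict access to trusted users only") and the reply above point to, shown as an added configuration example that is not part of the original thread and not taken from nginx's own documentation: the weak setting, where the DAV write methods are reachable by anyone, beside a restricted one. The host names, paths, realm name, htpasswd file and the 10.0.0.0/8 range are assumptions; the directives themselves (`dav_methods`, `limit_except`, `allow`/`deny`, `auth_basic`) are standard nginx ones that require a build with `--with-http_dav_module`.

```nginx
# Added example, not from the thread or from nginx's documentation.
# Host names, paths, realm, htpasswd file and the 10.0.0.0/8 range are assumptions.

# --- Weak: DAV write methods are enabled on a location anyone can reach.
# Any client that can send a request may PUT, DELETE, COPY or MOVE content,
# so a path-handling bug in COPY/MOVE like the one in the advisory is exposed
# to the whole internet.
server {
    listen 80;
    server_name weak.example;
    root /var/www/html;

    location / {
        dav_methods PUT DELETE MKCOL COPY MOVE;
    }
}

# --- Restricted: write methods only on one dedicated location with its own
# directory tree, and only for authenticated users on a trusted network.
server {
    listen 443 ssl;
    server_name dav.example;
    root /var/www/html;

    # Static content stays read-only: no dav_methods here at all, so nginx
    # answers PUT/COPY/MOVE on these paths with 405 Not Allowed.
    location / {
    }

    # /dav/<name> maps to /srv/dav/<name>; nothing outside /srv/dav is served here.
    location /dav/ {
        root /srv;
        dav_methods PUT DELETE MKCOL COPY MOVE;
        create_full_put_path on;
        dav_access user:rw group:rw all:r;
        client_max_body_size 50m;

        # GET and HEAD stay open; every other method (the DAV ones included)
        # must pass BOTH checks, since the default is "satisfy all":
        #   - the source address is in the trusted range, and
        #   - the request carries valid basic-auth credentials.
        limit_except GET HEAD {
            allow 10.0.0.0/8;
            deny  all;
            auth_basic           "WebDAV";
            auth_basic_user_file /etc/nginx/dav.htpasswd;
        }
    }
}
```

Two checks worth running after the change: `nginx -t` to confirm the build actually has the DAV module (an unknown `dav_methods` directive means it does not), and an unauthenticated `COPY` or `MOVE` request against `/dav/` from outside the allowed range, which should now be refused with 403 or 401 instead of being executed. This restriction only limits who can reach the flawed path handling; the reply says the code itself will be corrected, so the access controls are a containment measure to keep alongside the fixed version, not a replacement for it.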
