Nginx-ru mailing list archive (nginx-ru@sysoev.ru)
Re: nginx WebDAV Directory Traversal Security Issue
On Thu, Sep 24, 2009 at 08:45:05AM +0359, Роман Веретельников wrote:
> Hello.
>
> This came in today on the Secunia mailing list:
>
> TITLE:
> nginx WebDAV Directory Traversal Security Issue
>
> SECUNIA ADVISORY ID:
> SA36818
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/36818/
>
> DESCRIPTION:
> A security issue has been discovered in nginx, which can be exploited
> by malicious people to bypass certain security restrictions.
>
> The security issue is caused due to nginx not properly verifying the
> path for the WebDAV "MOVE" and "COPY" methods, which can be exploited
> to e.g. write to files outside the specified document root.
>
> Successful exploitation requires that the server has been compiled
> with the http_dav_module and that the attacker is allowed to use the
> "MOVE" or "COPY" methods.
>
> The security issue is reported in version 0.7.61 and confirmed in
> version 0.7.62. Other versions may also be affected.
>
> SOLUTION:
> Restrict access to trusted users only.
Thanks, we'll fix it, but in general I would never allow PUT/DELETE/MOVE/COPY for untrusted users.
> PROVIDED AND/OR DISCOVERED BY:
> Kingcope
>
> ORIGINAL ADVISORY:
> http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html
--
Игорь Сысоев
http://sysoev.ru
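The check the advisory describes as missing, written as an added example rather than nginx's own code: the destination of a MOVE/COPY is lexically normalised and refused if it would resolve above the document root. It assumes the caller has already stripped the scheme/host from the Destination header and percent-decoded the path; the check is purely lexical, so symlinks under the root still need an OS-level (realpath-style) check.

```c
#include <string.h>

/* Added example, not nginx code: normalise an already percent-decoded
 * WebDAV destination path and refuse any path that would resolve above
 * the document root. Returns 1 and writes "<root>/<normalised path>"
 * to out on success; 0 for traversal, a relative path or a small buffer. */
int dav_dest_within_root(const char *root, const char *path,
                         char *out, size_t outlen)
{
    const char *segs[128];   /* kept segments, in order */
    size_t lens[128];
    int depth = 0;
    if (*path != '/') return 0;         /* destination must be absolute */
    for (const char *p = path; *p; ) {
        while (*p == '/') p++;          /* collapse repeated slashes */
        if (!*p) break;
        const char *seg = p;
        while (*p && *p != '/') p++;
        size_t len = (size_t)(p - seg);
        if (len == 1 && seg[0] == '.')
            continue;                   /* "." changes nothing */
        if (len == 2 && seg[0] == '.' && seg[1] == '.') {
            if (depth == 0)             /* ".." above root: traversal */
                return 0;
            depth--;
            continue;
        }
        if (depth == 128)
            return 0;                   /* deeper than this example allows */
        segs[depth] = seg;
        lens[depth] = len;
        depth++;
    }
    /* Rebuild the path under root, dropping root's trailing slashes. */
    size_t n = strlen(root);
    while (n > 0 && root[n - 1] == '/') n--;
    if (n >= outlen) return 0;
    memcpy(out, root, n);
    for (int i = 0; i < depth; i++) {
        if (n + 1 + lens[i] >= outlen) return 0;
        out[n++] = '/';
        memcpy(out + n, segs[i], lens[i]);
        n += lens[i];
    }
    out[n] = '\0';
    return 1;
}
```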