gentype
16.11.2015, 18:54
Нашел уязвимости в nginx-1.8.0
Раскрутить что нибудь можно?!
Severity: High
Issue: umask
umask() can easily be used to create files with unsafe priviledges. It should be set to restrictive values.
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_daemon.c
Lines: 36
Severity: High
Issue: getenv
Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length.
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_freebsd_init.c
Lines: 90
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_time.c
Lines: 29
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_darwin_init.c
Lines: 81
File: /root/Downloads/nginx-1.8.0//src/misc/ngx_google_perftools_module.c
Lines: 104
File: /root/Downloads/nginx-1.8.0//src/core/nginx.c
Lines: 433
Severity: High
Issue: fixed size global buffer
Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_channel.c
Lines: 26 106
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_time.c
Lines: 44
File: /root/Downloads/nginx-1.8.0//src/event/ngx_event_openssl.c
Lines: 1109
File: /root/Downloads/nginx-1.8.0//src/http/ngx_http_request.c
Lines: 2718
File: /root/Downloads/nginx-1.8.0//src/http/modules/ngx_http_ssi_filter_module.c
Lines: 2729
File: /root/Downloads/nginx-1.8.0//src/http/modules/ngx_http_upstream_keepalive_module.c
Lines: 375
File: /root/Downloads/nginx-1.8.0//src/http/ngx_http_upstream.c
Lines: 1114
File: /root/Downloads/nginx-1.8.0//src/core/ngx_cycle.c
Lines: 56
Severity: High
Issue: gethostbyname
DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted.
File: /root/Downloads/nginx-1.8.0//src/core/ngx_inet.c
Lines: 1118
Severity: Medium
Issue: read
Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_files.c
Lines: 55
File: /root/Downloads/nginx-1.8.0//src/event/modules/ngx_epoll_module.c
Lines: 432 873
Severity: Medium
Issue: crypt
Standard random number generators should not be used to generate randomness used for security reasons. For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_user.c
Lines: 67
Severity: Medium
Issue: srandom
Standard random number generators should not be used to generate randomness used for security reasons. For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_posix_init.c
Lines: 78
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_process_cycle.c
Lines: 913
Severity: Medium
Issue: X509_NAME_oneline
Allow the function to dynamically allocate the buffer. If you insist on a fixed buffer, then double check that your buffer is as big as you specify.
File: /root/Downloads/nginx-1.8.0//src/event/ngx_event_openssl.c
Lines: 675 678 3299 3341
Severity: Medium
Issue: OPENSSL_free
Does the memory need to be cleaned before freeing?
File: /root/Downloads/nginx-1.8.0//src/event/ngx_event_openssl.c
Lines: 686 690 3306 3313 3348 3355
Раскрутить что нибудь можно?!
Severity: High
Issue: umask
umask() can easily be used to create files with unsafe priviledges. It should be set to restrictive values.
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_daemon.c
Lines: 36
Severity: High
Issue: getenv
Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length.
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_freebsd_init.c
Lines: 90
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_time.c
Lines: 29
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_darwin_init.c
Lines: 81
File: /root/Downloads/nginx-1.8.0//src/misc/ngx_google_perftools_module.c
Lines: 104
File: /root/Downloads/nginx-1.8.0//src/core/nginx.c
Lines: 433
Severity: High
Issue: fixed size global buffer
Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_channel.c
Lines: 26 106
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_time.c
Lines: 44
File: /root/Downloads/nginx-1.8.0//src/event/ngx_event_openssl.c
Lines: 1109
File: /root/Downloads/nginx-1.8.0//src/http/ngx_http_request.c
Lines: 2718
File: /root/Downloads/nginx-1.8.0//src/http/modules/ngx_http_ssi_filter_module.c
Lines: 2729
File: /root/Downloads/nginx-1.8.0//src/http/modules/ngx_http_upstream_keepalive_module.c
Lines: 375
File: /root/Downloads/nginx-1.8.0//src/http/ngx_http_upstream.c
Lines: 1114
File: /root/Downloads/nginx-1.8.0//src/core/ngx_cycle.c
Lines: 56
Severity: High
Issue: gethostbyname
DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted.
File: /root/Downloads/nginx-1.8.0//src/core/ngx_inet.c
Lines: 1118
Severity: Medium
Issue: read
Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_files.c
Lines: 55
File: /root/Downloads/nginx-1.8.0//src/event/modules/ngx_epoll_module.c
Lines: 432 873
Severity: Medium
Issue: crypt
Standard random number generators should not be used to generate randomness used for security reasons. For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_user.c
Lines: 67
Severity: Medium
Issue: srandom
Standard random number generators should not be used to generate randomness used for security reasons. For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_posix_init.c
Lines: 78
File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_process_cycle.c
Lines: 913
Severity: Medium
Issue: X509_NAME_oneline
Allow the function to dynamically allocate the buffer. If you insist on a fixed buffer, then double check that your buffer is as big as you specify.
File: /root/Downloads/nginx-1.8.0//src/event/ngx_event_openssl.c
Lines: 675 678 3299 3341
Severity: Medium
Issue: OPENSSL_free
Does the memory need to be cleaned before freeing?
File: /root/Downloads/nginx-1.8.0//src/event/ngx_event_openssl.c
Lines: 686 690 3306 3313 3348 3355