ANTICHAT - Уязвимости Ngnix-1.8.0

Нашел уязвимости в nginx-1.8.0

Раскрутить что нибудь можно?!

Severity: High

Issue: umask

umask() can easily be used to create files with unsafe priviledges. It should be set to restrictive values.

File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_daemon.c

Lines: 36

Severity: High

Issue: getenv

Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length.

File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_freebsd_init.c

Lines: 90

File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_time.c

Lines: 29

File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_darwin_init.c

Lines: 81

File: /root/Downloads/nginx-1.8.0//src/misc/ngx_google_perftools_module.c

Lines: 104

File: /root/Downloads/nginx-1.8.0//src/core/nginx.c

Lines: 433

Severity: High

Issue: fixed size global buffer

Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_channel.c

Lines: 26 106

File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_time.c

Lines: 44

File: /root/Downloads/nginx-1.8.0//src/event/ngx_event_openssl.c

Lines: 1109

File: /root/Downloads/nginx-1.8.0//src/http/ngx_http_request.c

Lines: 2718

File: /root/Downloads/nginx-1.8.0//src/http/modules/ngx_http_ssi_filter_module.c

Lines: 2729

File: /root/Downloads/nginx-1.8.0//src/http/modules/ngx_http_upstream_keepalive_module.c

Lines: 375

File: /root/Downloads/nginx-1.8.0//src/http/ngx_http_upstream.c

Lines: 1114

File: /root/Downloads/nginx-1.8.0//src/core/ngx_cycle.c

Lines: 56

Severity: High

Issue: gethostbyname

DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted.

File: /root/Downloads/nginx-1.8.0//src/core/ngx_inet.c

Lines: 1118

Severity: Medium

Issue: read

Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.

File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_files.c

Lines: 55

File: /root/Downloads/nginx-1.8.0//src/event/modules/ngx_epoll_module.c

Lines: 432 873

Severity: Medium

Issue: crypt

Standard random number generators should not be used to generate randomness used for security reasons. For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.

File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_user.c

Lines: 67

Severity: Medium

Issue: srandom

Standard random number generators should not be used to generate randomness used for security reasons. For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.

File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_posix_init.c

Lines: 78

File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_process_cycle.c

Lines: 913

Severity: Medium

Issue: X509_NAME_oneline

Allow the function to dynamically allocate the buffer. If you insist on a fixed buffer, then double check that your buffer is as big as you specify.

File: /root/Downloads/nginx-1.8.0//src/event/ngx_event_openssl.c

Lines: 675 678 3299 3341

Severity: Medium

Issue: OPENSSL_free

Does the memory need to be cleaned before freeing?

File: /root/Downloads/nginx-1.8.0//src/event/ngx_event_openssl.c

Lines: 686 690 3306 3313 3348 3355