nginx WebDAV Directory Traversal Security Issue

Igor Sysoev is at rambler-co.ru
Thu Sep 24 10:04:37 MSD 2009


On Thu, Sep 24, 2009 at 08:45:05AM +0359, Roman Veretelnikov wrote:

> Hello.
> 
> This came in today on the Secunia mailing list:
> 
> TITLE:
> nginx WebDAV Directory Traversal Security Issue
> 
> SECUNIA ADVISORY ID:
> SA36818
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/36818/
> 
> DESCRIPTION:
> A security issue has been discovered in nginx, which can be exploited
> by malicious people to bypass certain security restrictions.
> 
> The security issue is caused due to nginx not properly verifying the
> path for the WebDAV "MOVE" and "COPY" methods, which can be exploited
> to e.g. write to files outside the specified document root.
> 
> Successful exploitation requires that the server has been compiled
> with the http_dav_module and that the attacker is allowed to use the
> "MOVE" or "COPY" methods.
> 
> The security issue is reported in version 0.7.61 and confirmed in
> version 0.7.62. Other versions may also be affected.
> 
> SOLUTION:
> Restrict access to trusted users only.

Thanks, we'll fix it, but in general I would never allow PUT/DELETE/MOVE/COPY
for untrusted users.

> PROVIDED AND/OR DISCOVERED BY:
> Kingcope
> 
> ORIGINAL ADVISORY:
> http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html


-- 
Igor Sysoev
http://sysoev.ru
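The bug class the advisory describes, as an added Python example (not nginx's code and not part of the thread): a server that prepends the document root to the raw Destination path of a MOVE/COPY request and only afterwards resolves ".." lets the target land outside the root, while decoding and normalising the URI path before joining it to the root keeps it inside. DOCUMENT_ROOT, SERVER_HOST and the sample Destination headers are constructed for the example.

```python
"""Hardened vs naive resolution of a WebDAV MOVE/COPY Destination header.

Added example, not nginx's code. It models the bug class in the Secunia
advisory quoted above. DOCUMENT_ROOT, SERVER_HOST and the sample headers
are constructed for this example.
"""
import posixpath
from urllib.parse import unquote, urlsplit

DOCUMENT_ROOT = "/var/www/dav"      # assumed document root
SERVER_HOST = "dav.example.com"     # assumed virtual host name


class BadDestination(ValueError):
    """Raised when a Destination header must be refused (HTTP 400/403)."""


def escapes_root(target: str, document_root: str = DOCUMENT_ROOT) -> bool:
    """True if target is neither document_root itself nor something below it.

    commonpath is used instead of a string prefix test so that
    '/var/www/davx' is not mistaken for a child of '/var/www/dav'.
    """
    root = posixpath.normpath(document_root)
    return posixpath.commonpath([root, posixpath.normpath(target)]) != root


def naive_destination(destination: str, document_root: str = DOCUMENT_ROOT) -> str:
    """The vulnerable pattern: root + raw path, with '..' resolved afterwards.

    Any '..' segments (plain or percent-encoded) climb out of the root.
    """
    path = unquote(urlsplit(destination).path)
    return posixpath.normpath(document_root + path)


def hardened_destination(destination: str, document_root: str = DOCUMENT_ROOT,
                         server_host: str = SERVER_HOST) -> str:
    """Map Destination to a filesystem path that sits under the document root.

    Destination may be an absolute URI or an absolute path (RFC 4918).
    Order matters: decode, then normalise the URI path on its own (so '..'
    cannot climb above '/'), and only then prepend the root. A final
    containment check is kept as defence in depth.
    """
    parts = urlsplit(destination)
    if parts.scheme or parts.netloc:
        # An absolute URI must name this server; a cross-host COPY/MOVE is refused.
        if parts.scheme not in ("http", "https") or parts.hostname != server_host:
            raise BadDestination(f"foreign host in Destination: {destination!r}")
    path = unquote(parts.path)
    if not path.startswith("/"):
        raise BadDestination(f"Destination path is not absolute: {destination!r}")
    if "\x00" in path:
        raise BadDestination("NUL byte in Destination path")
    normalised = posixpath.normpath(path)            # '/a/../../x' -> '/x'
    target = posixpath.normpath(document_root + normalised)
    if escapes_root(target, document_root):          # should be unreachable; kept anyway
        raise BadDestination(f"Destination escapes document root: {destination!r}")
    return target


def is_rejected(destination: str) -> bool:
    """True when the hardened check refuses the header."""
    try:
        hardened_destination(destination)
    except BadDestination:
        return True
    return False


if __name__ == "__main__":
    # Constructed Destination headers, as a client or an attacker might send them.
    samples = [
        "/uploads/report.txt",                       # legitimate
        "/../../../etc/passwd",                      # plain traversal
        "/uploads/%2e%2e/%2e%2e/%2e%2e/etc/passwd",  # percent-encoded traversal
        "http://dav.example.com/uploads/../x.txt",   # absolute URI, same host
        "http://evil.example/uploads/x.txt",         # absolute URI, foreign host
    ]
    for dest in samples:
        naive = naive_destination(dest)
        flag = "ESCAPES ROOT" if escapes_root(naive) else "ok"
        try:
            hard = hardened_destination(dest)
        except BadDestination as exc:
            hard = f"rejected ({exc})"
        print(f"{dest!r}\n  naive:    {naive}  [{flag}]\n  hardened: {hard}")
```

Independently of any path check, the operational fix is the one Igor gives above: expose dav_methods only inside a location that is guarded by auth_basic or allow/deny, so that only trusted users can send PUT, DELETE, MOVE or COPY at all.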