Add CVE-2021-3449

cc_plus_plus 2023-03-13 07:10:02 +00:00
parent a5e4af5f99
commit a48a239cd6
17 changed files with 2 additions and 270 deletions


@ -1,9 +0,0 @@
*
!*.so*
!openssl
!server.pem
!apache-default-ssl.conf
!haproxy.cfg
!lighttpd-10-ssl.conf
!nginx.conf
!nodejs.js


@ -1,7 +0,0 @@
/openssl-1.1.1j/
/openssl_dir
/openssl-1.1.1j.tar.gz
/openssl-1.1.1j.tar.gz.download
/openssl
*.pem
*.so*


@ -1,69 +0,0 @@
CFLAGS ?= -Og -Wall
export CFLAGS
CXXFLAGS ?= -Og -Wall
export CXXFLAGS
IMAGE_PREFIX := local/cve-2021-3449
UBUNTU_VERSION ?= focal
IMAGE_INT := $(IMAGE_PREFIX)/base-$(UBUNTU_VERSION)
IMAGE_INT_REQ := build-base-$(UBUNTU_VERSION)
CONTAINER_PREFIX := cve-2021-3449
TARGETS := apache haproxy lighttpd nginx nodejs openssl
BUILD_TARGETS := $(addprefix build-, $(TARGETS))
.PHONY: $(BUILD_TARGETS)
$(BUILD_TARGETS): build-%: $(IMAGE_INT_REQ)
docker build -f $*.Dockerfile -t $(IMAGE_PREFIX)/$* --build-arg "BASE_IMAGE=$(IMAGE_INT)" .
START_TARGETS := $(addprefix start-, $(TARGETS))
.PHONY: $(START_TARGETS)
$(START_TARGETS): start-%: build-%
docker run -d -it --name $(CONTAINER_PREFIX)-$* --network host $(IMAGE_PREFIX)/$*
docker logs -f $(CONTAINER_PREFIX)-$* &
LOGS_TARGETS := $(addprefix logs-, $(TARGETS))
.PHONY: $(LOGS_TARGETS)
$(LOGS_TARGETS): logs-%:
docker logs $(CONTAINER_PREFIX)-$*
STOP_TARGETS := $(addprefix stop-, $(TARGETS))
.PHONY: $(STOP_TARGETS)
$(STOP_TARGETS): stop-%:
docker container rm -f $(CONTAINER_PREFIX)-$* || true
.PHONY: $(IMAGE_INT_REQ)
$(IMAGE_INT_REQ): libcrypto.so.1.1 libssl.so.1.1 openssl server.pem
docker build -f base.Dockerfile -t $(IMAGE_INT) --build-arg "BASE_IMAGE=ubuntu:$(UBUNTU_VERSION)" .
server.pem:
openssl req -x509 -newkey rsa:2048 -keyout ./key.pem -out ./cert.pem -days 365 -nodes -subj "/CN=dummycert/O=My Company Name/C=US"
cat key.pem cert.pem >> server.pem
rm key.pem cert.pem
.PHONY: clean
clean: $(STOP_TARGETS)
docker image rm -f $(addprefix $(IMAGE_PREFIX)/,$(TARGETS))
rm -rf ./*.pem ./*.so* ./openssl ./openssl_dir ./openssl-1.1.1j ./openssl-1.1.1j.tar.gz ./openssl-1.1.1j.tar.gz.download
openssl libcrypto.so.1.1 libssl.so.1.1: openssl_dir/Makefile
$(MAKE) -C openssl_dir -j4 apps/openssl libcrypto.so libssl.so
ln -f openssl_dir/libcrypto.so.1.1 libcrypto.so.1.1
ln -f openssl_dir/libssl.so.1.1 libssl.so.1.1
ln -f openssl_dir/apps/openssl openssl
openssl_dir/Makefile: openssl_dir/.downloaded
cd openssl_dir && ./config && $(MAKE) build_generated
openssl_dir/.downloaded: openssl-1.1.1j.tar.gz
tar -xzf openssl-1.1.1j.tar.gz
ln -sf openssl-1.1.1j openssl_dir
touch openssl_dir/.downloaded
openssl-1.1.1j.tar.gz: openssl-1.1.1j.tar.gz.download
sha256sum -c openssl-1.1.1j.tar.gz.sha256sum
ln -sf openssl-1.1.1j.tar.gz.download openssl-1.1.1j.tar.gz
openssl-1.1.1j.tar.gz.download:
curl https://www.openssl.org/source/old/1.1.1/openssl-1.1.1j.tar.gz --output openssl-1.1.1j.tar.gz.download


@ -1,25 +0,0 @@
<IfModule mod_ssl.c>
<VirtualHost 127.0.0.1:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
LogLevel info ssl:debug
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet


@ -1,9 +0,0 @@
ARG BASE_IMAGE
FROM ${BASE_IMAGE}
WORKDIR /root
RUN DEBIAN_FRONTEND=noninteractive \
apt-get install -y apache2
COPY apache-default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf
RUN a2enmod ssl
ENTRYPOINT ["/bin/bash", "-c"]
CMD ["/usr/sbin/apachectl start && sleep 2 && tail -n+0 -f /var/log/apache2/error.log"]


@ -1,11 +0,0 @@
# Create base system with a vulnerable OpenSSL version.
ARG BASE_IMAGE=ubuntu:bionic
FROM $BASE_IMAGE
RUN DEBIAN_FRONTEND=noninteractive \
apt-get update \
&& apt-get install -y libssl1.1 openssl gdb curl
# Patch in the vulnerable OpenSSL version.
COPY libssl.so.1.1 libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/
COPY openssl /usr/bin/
# Copy the self-signed certificate.
COPY server.pem /root/


@ -1,8 +0,0 @@
ARG BASE_IMAGE
FROM ${BASE_IMAGE}
WORKDIR /root
RUN DEBIAN_FRONTEND=noninteractive \
apt-get install -y haproxy
COPY haproxy.cfg /etc/haproxy/
ENTRYPOINT ["/bin/bash", "-c"]
CMD ["haproxy -W -f /etc/haproxy/haproxy.cfg"]


@ -1,16 +0,0 @@
# generated 2021-03-28, Mozilla Guideline v5.6, HAProxy 2.1, OpenSSL 1.1.1j, intermediate configuration
# https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.1j&guideline=5.6
global
# intermediate configuration
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
frontend ft_test
mode http
bind :4433 ssl crt /root/server.pem alpn h2,http/1.1
# HSTS (63072000 seconds)
http-response set-header Strict-Transport-Security max-age=63072000


@ -1,21 +0,0 @@
# generated 2021-03-28, Mozilla Guideline v5.6, lighttpd 1.4.55, OpenSSL 1.1.1j, intermediate configuration
# https://ssl-config.mozilla.org/#server=lighttpd&version=1.4.55&config=intermediate&openssl=1.1.1j&guideline=5.6
$SERVER["socket"] == ":80" {
url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
}
$SERVER["socket"] == ":4433" {
ssl.engine = "enable"
ssl.pemfile = "/root/server.pem"
# intermediate configuration
ssl.openssl.ssl-conf-cmd = ("Protocol" => "ALL, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1")
ssl.cipher-list = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
ssl.honor-cipher-order = "disable"
# HTTP Strict Transport Security (63072000 seconds)
setenv.add-response-header = (
"Strict-Transport-Security" => "max-age=63072000"
)
}


@ -1,8 +0,0 @@
ARG BASE_IMAGE
FROM ${BASE_IMAGE}
WORKDIR /root
RUN DEBIAN_FRONTEND=noninteractive \
apt-get install -y lighttpd
COPY lighttpd-10-ssl.conf /etc/lighttpd/conf-enabled/10-ssl.conf
ENTRYPOINT ["/bin/bash", "-c"]
CMD ["lighttpd -D -f /etc/lighttpd/lighttpd.conf && true"]


@ -1,8 +0,0 @@
ARG BASE_IMAGE
FROM ${BASE_IMAGE}
WORKDIR /root
RUN DEBIAN_FRONTEND=noninteractive \
apt-get install -y nginx
COPY nginx.conf /etc/nginx/
ENTRYPOINT ["/bin/bash", "-c"]
CMD ["nginx && sleep 2 && tail -n+0 -f /var/log/nginx/error.log"]


@ -1,50 +0,0 @@
user root;
pid /run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535;
events {
multi_accept on;
worker_connections 65535;
}
http {
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
log_not_found off;
types_hash_max_size 2048;
types_hash_bucket_size 64;
client_max_body_size 16M;
# MIME
include mime.types;
default_type application/octet-stream;
# Logging
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log warn;
# SSL
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Mozilla Intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
server {
listen 4433 ssl http2;
listen [::]:4433 ssl http2;
server_name example.com;
root /var/www/html;
# SSL
ssl_certificate /root/server.pem;
ssl_certificate_key /root/server.pem;
ssl_trusted_certificate /root/server.pem;
}
}


@ -1,8 +0,0 @@
ARG BASE_IMAGE
FROM ${BASE_IMAGE}
WORKDIR /root
RUN DEBIAN_FRONTEND=noninteractive \
curl -fsSL https://deb.nodesource.com/setup_15.x | bash - \
&& apt-get install -y nodejs
COPY nodejs.js /root/
CMD ["gdb", "-batch", "-ex", "run", "-ex", "bt", "--args", "/usr/bin/node", "/root/nodejs.js"]


@ -1,14 +0,0 @@
const https = require('https');
const fs = require('fs');
const options = {
key: fs.readFileSync('server.pem'),
cert: fs.readFileSync('server.pem')
};
https.createServer(options, function (req, res) {
res.writeHead(200);
res.end("hello world\n");
}).listen(4433);
console.log("server started");


@ -1 +0,0 @@
aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf openssl-1.1.1j.tar.gz.download


@ -1,4 +0,0 @@
ARG BASE_IMAGE
FROM ${BASE_IMAGE}
WORKDIR /root
CMD ["gdb", "-batch", "-ex", "run", "-ex", "bt", "--args", "/usr/bin/openssl", "s_server"]


@ -11,10 +11,10 @@ info:
- https://nvd.nist.gov/vuln/detail/cve-2021-3449
- https://avd.aliyun.com/detail?id=AVD-2021-3449
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 5.9
cve-id: CVE-2021-3449
cwe-id: CWE-476
cnvd-id: None
kve-id: None
tags: 拒绝服务,DoS
tags: 拒绝服务, DoS
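Review bot: The `tags` value remains a single comma-separated scalar, so every consumer has to split on the comma and trim whitespace itself, and the only difference between the two `tags` lines shown is that whitespace. If the template schema allows it (the schema is not visible here), a YAML sequence such as `tags: [拒绝服务, DoS]` would remove the ambiguity. In the same hunk, `cnvd-id: None` and `kve-id: None` parse as the string "None" rather than a YAML null, so tooling that checks whether an identifier is present will see a value; `cnvd-id: null` or omitting the key would be unambiguous. The `info:` mapping starts above this hunk, so its required keys cannot be checked from here.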