Add CVE-2021-3449

cve/openssl/2021/CVE-2021-3449/demo/.dockerignore

@@ -1,9 +0,0 @@
-*
-!*.so*
-!openssl
-!server.pem
-!apache-default-ssl.conf
-!haproxy.cfg
-!lighttpd-10-ssl.conf
-!nginx.conf
-!nodejs.js

cve/openssl/2021/CVE-2021-3449/demo/.gitignore

@@ -1,7 +0,0 @@
-/openssl-1.1.1j/
-/openssl_dir
-/openssl-1.1.1j.tar.gz
-/openssl-1.1.1j.tar.gz.download
-/openssl
-*.pem
-*.so*

cve/openssl/2021/CVE-2021-3449/demo/Makefile

@@ -1,69 +0,0 @@
-CFLAGS ?= -Og -Wall
-export CFLAGS
-CXXFLAGS ?= -Og -Wall
-export CXXFLAGS
-
-IMAGE_PREFIX := local/cve-2021-3449
-UBUNTU_VERSION ?= focal
-IMAGE_INT := $(IMAGE_PREFIX)/base-$(UBUNTU_VERSION)
-IMAGE_INT_REQ := build-base-$(UBUNTU_VERSION)
-
-CONTAINER_PREFIX := cve-2021-3449
-
-TARGETS := apache haproxy lighttpd nginx nodejs openssl
-
-BUILD_TARGETS := $(addprefix build-, $(TARGETS))
-.PHONY: $(BUILD_TARGETS)
-$(BUILD_TARGETS): build-%: $(IMAGE_INT_REQ)
-	docker build -f $*.Dockerfile -t $(IMAGE_PREFIX)/$* --build-arg "BASE_IMAGE=$(IMAGE_INT)" .
-
-START_TARGETS := $(addprefix start-, $(TARGETS))
-.PHONY: $(START_TARGETS)
-$(START_TARGETS): start-%: build-%
-	docker run -d -it --name $(CONTAINER_PREFIX)-$* --network host $(IMAGE_PREFIX)/$*
-	docker logs -f $(CONTAINER_PREFIX)-$* &
-
-LOGS_TARGETS := $(addprefix logs-, $(TARGETS))
-.PHONY: $(LOGS_TARGETS)
-$(LOGS_TARGETS): logs-%:
-	docker logs $(CONTAINER_PREFIX)-$*
-
-STOP_TARGETS := $(addprefix stop-, $(TARGETS))
-.PHONY: $(STOP_TARGETS)
-$(STOP_TARGETS): stop-%:
-	docker container rm -f $(CONTAINER_PREFIX)-$* || true
-
-.PHONY: $(IMAGE_INT_REQ)
-$(IMAGE_INT_REQ): libcrypto.so.1.1 libssl.so.1.1 openssl server.pem
-	docker build -f base.Dockerfile -t $(IMAGE_INT) --build-arg "BASE_IMAGE=ubuntu:$(UBUNTU_VERSION)" .
-
-server.pem:
-	openssl req -x509 -newkey rsa:2048 -keyout ./key.pem -out ./cert.pem -days 365 -nodes -subj "/CN=dummycert/O=My Company Name/C=US"
-	cat key.pem cert.pem >> server.pem
-	rm key.pem cert.pem
-
-.PHONY: clean
-clean: $(STOP_TARGETS)
-	docker image rm -f $(addprefix $(IMAGE_PREFIX)/,$(TARGETS))
-	rm -rf ./*.pem ./*.so* ./openssl ./openssl_dir ./openssl-1.1.1j ./openssl-1.1.1j.tar.gz ./openssl-1.1.1j.tar.gz.download
-
-openssl libcrypto.so.1.1 libssl.so.1.1: openssl_dir/Makefile
-	$(MAKE) -C openssl_dir -j4 apps/openssl libcrypto.so libssl.so
-	ln -f openssl_dir/libcrypto.so.1.1 libcrypto.so.1.1
-	ln -f openssl_dir/libssl.so.1.1 libssl.so.1.1
-	ln -f openssl_dir/apps/openssl openssl
-
-openssl_dir/Makefile: openssl_dir/.downloaded
-	cd openssl_dir && ./config && $(MAKE) build_generated
-
-openssl_dir/.downloaded: openssl-1.1.1j.tar.gz
-	tar -xzf openssl-1.1.1j.tar.gz
-	ln -sf openssl-1.1.1j openssl_dir
-	touch openssl_dir/.downloaded
-
-openssl-1.1.1j.tar.gz: openssl-1.1.1j.tar.gz.download
-	sha256sum -c openssl-1.1.1j.tar.gz.sha256sum
-	ln -sf openssl-1.1.1j.tar.gz.download openssl-1.1.1j.tar.gz
-
-openssl-1.1.1j.tar.gz.download:
-	curl https://www.openssl.org/source/old/1.1.1/openssl-1.1.1j.tar.gz --output openssl-1.1.1j.tar.gz.download

cve/openssl/2021/CVE-2021-3449/demo/apache-default-ssl.conf

@@ -1,25 +0,0 @@
-<IfModule mod_ssl.c>
-	<VirtualHost 127.0.0.1:443>
-		ServerAdmin webmaster@localhost
-
-		DocumentRoot /var/www/html
-		LogLevel info ssl:debug
-
-		ErrorLog ${APACHE_LOG_DIR}/error.log
-		CustomLog ${APACHE_LOG_DIR}/access.log combined
-
-		SSLEngine on
-
-		SSLCertificateFile	/etc/ssl/certs/ssl-cert-snakeoil.pem
-		SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
-
-		<FilesMatch "\.(cgi|shtml|phtml|php)$">
-				SSLOptions +StdEnvVars
-		</FilesMatch>
-		<Directory /usr/lib/cgi-bin>
-				SSLOptions +StdEnvVars
-		</Directory>
-	</VirtualHost>
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

cve/openssl/2021/CVE-2021-3449/demo/apache.Dockerfile

@@ -1,9 +0,0 @@
-ARG BASE_IMAGE
-FROM ${BASE_IMAGE}
-WORKDIR /root
-RUN DEBIAN_FRONTEND=noninteractive \
-    apt-get install -y apache2
-COPY apache-default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf
-RUN a2enmod ssl
-ENTRYPOINT ["/bin/bash", "-c"]
-CMD ["/usr/sbin/apachectl start && sleep 2 && tail -n+0 -f /var/log/apache2/error.log"]

cve/openssl/2021/CVE-2021-3449/demo/base.Dockerfile

@@ -1,11 +0,0 @@
-# Create base system with a vulnerable OpenSSL version.
-ARG BASE_IMAGE=ubuntu:bionic
-FROM $BASE_IMAGE
-RUN DEBIAN_FRONTEND=noninteractive \
-    apt-get update \
- && apt-get install -y libssl1.1 openssl gdb curl
-# Patch in the vulnerable OpenSSL version.
-COPY libssl.so.1.1 libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/
-COPY openssl /usr/bin/
-# Copy the self-signed certificate.
-COPY server.pem /root/

cve/openssl/2021/CVE-2021-3449/demo/haproxy.Dockerfile

@@ -1,8 +0,0 @@
-ARG BASE_IMAGE
-FROM ${BASE_IMAGE}
-WORKDIR /root
-RUN DEBIAN_FRONTEND=noninteractive \
-    apt-get install -y haproxy
-COPY haproxy.cfg /etc/haproxy/
-ENTRYPOINT ["/bin/bash", "-c"]
-CMD ["haproxy -W -f /etc/haproxy/haproxy.cfg"]

cve/openssl/2021/CVE-2021-3449/demo/haproxy.cfg

@@ -1,16 +0,0 @@
-# generated 2021-03-28, Mozilla Guideline v5.6, HAProxy 2.1, OpenSSL 1.1.1j, intermediate configuration
-# https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.1j&guideline=5.6
-global
-    # intermediate configuration
-    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
-    ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
-
-    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
-    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
-
-frontend ft_test
-    mode    http
-    bind    :4433 ssl crt /root/server.pem alpn h2,http/1.1
-
-    # HSTS (63072000 seconds)
-    http-response set-header Strict-Transport-Security max-age=63072000

cve/openssl/2021/CVE-2021-3449/demo/lighttpd-10-ssl.conf

@@ -1,21 +0,0 @@
-# generated 2021-03-28, Mozilla Guideline v5.6, lighttpd 1.4.55, OpenSSL 1.1.1j, intermediate configuration
-# https://ssl-config.mozilla.org/#server=lighttpd&version=1.4.55&config=intermediate&openssl=1.1.1j&guideline=5.6
-$SERVER["socket"] == ":80" {
-    url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
-}
-
-$SERVER["socket"] == ":4433" {
-    ssl.engine   = "enable"
-
-    ssl.pemfile               = "/root/server.pem"
-
-    # intermediate configuration
-    ssl.openssl.ssl-conf-cmd = ("Protocol" => "ALL, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1")
-    ssl.cipher-list           = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
-    ssl.honor-cipher-order    = "disable"
-
-    # HTTP Strict Transport Security (63072000 seconds)
-    setenv.add-response-header  = (
-        "Strict-Transport-Security" => "max-age=63072000"
-    )
-}

cve/openssl/2021/CVE-2021-3449/demo/lighttpd.Dockerfile

@@ -1,8 +0,0 @@
-ARG BASE_IMAGE
-FROM ${BASE_IMAGE}
-WORKDIR /root
-RUN DEBIAN_FRONTEND=noninteractive \
-    apt-get install -y lighttpd
-COPY lighttpd-10-ssl.conf /etc/lighttpd/conf-enabled/10-ssl.conf
-ENTRYPOINT ["/bin/bash", "-c"]
-CMD ["lighttpd -D -f /etc/lighttpd/lighttpd.conf && true"]

cve/openssl/2021/CVE-2021-3449/demo/nginx.Dockerfile

@@ -1,8 +0,0 @@
-ARG BASE_IMAGE
-FROM ${BASE_IMAGE}
-WORKDIR /root
-RUN DEBIAN_FRONTEND=noninteractive \
-    apt-get install -y nginx
-COPY nginx.conf /etc/nginx/
-ENTRYPOINT ["/bin/bash", "-c"]
-CMD ["nginx && sleep 2 && tail -n+0 -f /var/log/nginx/error.log"]

cve/openssl/2021/CVE-2021-3449/demo/nginx.conf

@@ -1,50 +0,0 @@
-user root;
-pid /run/nginx.pid;
-worker_processes auto;
-worker_rlimit_nofile 65535;
-
-events {
-    multi_accept       on;
-    worker_connections 65535;
-}
-
-http {
-    charset                utf-8;
-    sendfile               on;
-    tcp_nopush             on;
-    tcp_nodelay            on;
-    server_tokens          off;
-    log_not_found          off;
-    types_hash_max_size    2048;
-    types_hash_bucket_size 64;
-    client_max_body_size   16M;
-
-    # MIME
-    include      mime.types;
-    default_type application/octet-stream;
-
-    # Logging
-    access_log /var/log/nginx/access.log;
-    error_log  /var/log/nginx/error.log warn;
-
-    # SSL
-    ssl_session_timeout 1d;
-    ssl_session_cache   shared:SSL:10m;
-    ssl_session_tickets off;
-
-    # Mozilla Intermediate configuration
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_ciphers   ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
-
-    server {
-        listen      4433 ssl http2;
-        listen      [::]:4433 ssl http2;
-        server_name example.com;
-        root        /var/www/html;
-
-        # SSL
-        ssl_certificate         /root/server.pem;
-        ssl_certificate_key     /root/server.pem;
-        ssl_trusted_certificate /root/server.pem;
-    }
-}

cve/openssl/2021/CVE-2021-3449/demo/nodejs.Dockerfile

@@ -1,8 +0,0 @@
-ARG BASE_IMAGE
-FROM ${BASE_IMAGE}
-WORKDIR /root
-RUN DEBIAN_FRONTEND=noninteractive \
-    curl -fsSL https://deb.nodesource.com/setup_15.x | bash - \
- && apt-get install -y nodejs
-COPY nodejs.js /root/
-CMD ["gdb", "-batch", "-ex", "run", "-ex", "bt", "--args", "/usr/bin/node", "/root/nodejs.js"]

cve/openssl/2021/CVE-2021-3449/demo/nodejs.js

@@ -1,14 +0,0 @@
-const https = require('https');
-const fs = require('fs');
-
-const options = {
-  key: fs.readFileSync('server.pem'),
-  cert: fs.readFileSync('server.pem')
-};
-
-https.createServer(options, function (req, res) {
-  res.writeHead(200);
-  res.end("hello world\n");
-}).listen(4433);
-
-console.log("server started");

cve/openssl/2021/CVE-2021-3449/demo/openssl-1.1.1j.tar.gz.sha256sum

@@ -1 +0,0 @@
-aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf  openssl-1.1.1j.tar.gz.download

cve/openssl/2021/CVE-2021-3449/demo/openssl.Dockerfile

@@ -1,4 +0,0 @@
-ARG BASE_IMAGE
-FROM ${BASE_IMAGE}
-WORKDIR /root
-CMD ["gdb", "-batch", "-ex", "run", "-ex", "bt", "--args", "/usr/bin/openssl", "s_server"]

cve/openssl/2021/yaml/CVE-2021-3449.yaml

@@ -11,10 +11,10 @@ info:
     - https://nvd.nist.gov/vuln/detail/cve-2021-3449
     - https://avd.aliyun.com/detail?id=AVD-2021-3449
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
+    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
     cvss-score: 5.9
     cve-id: CVE-2021-3449
     cwe-id: CWE-476
     cnvd-id: None
     kve-id: None
-  tags: 拒绝服务,DoS
+  tags: 拒绝服务, DoS