Add CVE-2021-3449
This commit is contained in:
parent
a5e4af5f99
commit
a48a239cd6
|
@ -1,9 +0,0 @@
|
|||
*
|
||||
!*.so*
|
||||
!openssl
|
||||
!server.pem
|
||||
!apache-default-ssl.conf
|
||||
!haproxy.cfg
|
||||
!lighttpd-10-ssl.conf
|
||||
!nginx.conf
|
||||
!nodejs.js
|
|
@ -1,7 +0,0 @@
|
|||
/openssl-1.1.1j/
|
||||
/openssl_dir
|
||||
/openssl-1.1.1j.tar.gz
|
||||
/openssl-1.1.1j.tar.gz.download
|
||||
/openssl
|
||||
*.pem
|
||||
*.so*
|
|
@ -1,69 +0,0 @@
|
|||
CFLAGS ?= -Og -Wall
|
||||
export CFLAGS
|
||||
CXXFLAGS ?= -Og -Wall
|
||||
export CXXFLAGS
|
||||
|
||||
IMAGE_PREFIX := local/cve-2021-3449
|
||||
UBUNTU_VERSION ?= focal
|
||||
IMAGE_INT := $(IMAGE_PREFIX)/base-$(UBUNTU_VERSION)
|
||||
IMAGE_INT_REQ := build-base-$(UBUNTU_VERSION)
|
||||
|
||||
CONTAINER_PREFIX := cve-2021-3449
|
||||
|
||||
TARGETS := apache haproxy lighttpd nginx nodejs openssl
|
||||
|
||||
BUILD_TARGETS := $(addprefix build-, $(TARGETS))
|
||||
.PHONY: $(BUILD_TARGETS)
|
||||
$(BUILD_TARGETS): build-%: $(IMAGE_INT_REQ)
|
||||
docker build -f $*.Dockerfile -t $(IMAGE_PREFIX)/$* --build-arg "BASE_IMAGE=$(IMAGE_INT)" .
|
||||
|
||||
START_TARGETS := $(addprefix start-, $(TARGETS))
|
||||
.PHONY: $(START_TARGETS)
|
||||
$(START_TARGETS): start-%: build-%
|
||||
docker run -d -it --name $(CONTAINER_PREFIX)-$* --network host $(IMAGE_PREFIX)/$*
|
||||
docker logs -f $(CONTAINER_PREFIX)-$* &
|
||||
|
||||
LOGS_TARGETS := $(addprefix logs-, $(TARGETS))
|
||||
.PHONY: $(LOGS_TARGETS)
|
||||
$(LOGS_TARGETS): logs-%:
|
||||
docker logs $(CONTAINER_PREFIX)-$*
|
||||
|
||||
STOP_TARGETS := $(addprefix stop-, $(TARGETS))
|
||||
.PHONY: $(STOP_TARGETS)
|
||||
$(STOP_TARGETS): stop-%:
|
||||
docker container rm -f $(CONTAINER_PREFIX)-$* || true
|
||||
|
||||
.PHONY: $(IMAGE_INT_REQ)
|
||||
$(IMAGE_INT_REQ): libcrypto.so.1.1 libssl.so.1.1 openssl server.pem
|
||||
docker build -f base.Dockerfile -t $(IMAGE_INT) --build-arg "BASE_IMAGE=ubuntu:$(UBUNTU_VERSION)" .
|
||||
|
||||
server.pem:
|
||||
openssl req -x509 -newkey rsa:2048 -keyout ./key.pem -out ./cert.pem -days 365 -nodes -subj "/CN=dummycert/O=My Company Name/C=US"
|
||||
cat key.pem cert.pem >> server.pem
|
||||
rm key.pem cert.pem
|
||||
|
||||
.PHONY: clean
|
||||
clean: $(STOP_TARGETS)
|
||||
docker image rm -f $(addprefix $(IMAGE_PREFIX)/,$(TARGETS))
|
||||
rm -rf ./*.pem ./*.so* ./openssl ./openssl_dir ./openssl-1.1.1j ./openssl-1.1.1j.tar.gz ./openssl-1.1.1j.tar.gz.download
|
||||
|
||||
openssl libcrypto.so.1.1 libssl.so.1.1: openssl_dir/Makefile
|
||||
$(MAKE) -C openssl_dir -j4 apps/openssl libcrypto.so libssl.so
|
||||
ln -f openssl_dir/libcrypto.so.1.1 libcrypto.so.1.1
|
||||
ln -f openssl_dir/libssl.so.1.1 libssl.so.1.1
|
||||
ln -f openssl_dir/apps/openssl openssl
|
||||
|
||||
openssl_dir/Makefile: openssl_dir/.downloaded
|
||||
cd openssl_dir && ./config && $(MAKE) build_generated
|
||||
|
||||
openssl_dir/.downloaded: openssl-1.1.1j.tar.gz
|
||||
tar -xzf openssl-1.1.1j.tar.gz
|
||||
ln -sf openssl-1.1.1j openssl_dir
|
||||
touch openssl_dir/.downloaded
|
||||
|
||||
openssl-1.1.1j.tar.gz: openssl-1.1.1j.tar.gz.download
|
||||
sha256sum -c openssl-1.1.1j.tar.gz.sha256sum
|
||||
ln -sf openssl-1.1.1j.tar.gz.download openssl-1.1.1j.tar.gz
|
||||
|
||||
openssl-1.1.1j.tar.gz.download:
|
||||
curl https://www.openssl.org/source/old/1.1.1/openssl-1.1.1j.tar.gz --output openssl-1.1.1j.tar.gz.download
|
|
@ -1,25 +0,0 @@
|
|||
<IfModule mod_ssl.c>
|
||||
<VirtualHost 127.0.0.1:443>
|
||||
ServerAdmin webmaster@localhost
|
||||
|
||||
DocumentRoot /var/www/html
|
||||
LogLevel info ssl:debug
|
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||
|
||||
SSLEngine on
|
||||
|
||||
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
|
||||
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
|
||||
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||||
SSLOptions +StdEnvVars
|
||||
</FilesMatch>
|
||||
<Directory /usr/lib/cgi-bin>
|
||||
SSLOptions +StdEnvVars
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
</IfModule>
|
||||
|
||||
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
|
|
@ -1,9 +0,0 @@
|
|||
ARG BASE_IMAGE
|
||||
FROM ${BASE_IMAGE}
|
||||
WORKDIR /root
|
||||
RUN DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y apache2
|
||||
COPY apache-default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf
|
||||
RUN a2enmod ssl
|
||||
ENTRYPOINT ["/bin/bash", "-c"]
|
||||
CMD ["/usr/sbin/apachectl start && sleep 2 && tail -n+0 -f /var/log/apache2/error.log"]
|
|
@ -1,11 +0,0 @@
|
|||
# Create base system with a vulnerable OpenSSL version.
|
||||
ARG BASE_IMAGE=ubuntu:bionic
|
||||
FROM $BASE_IMAGE
|
||||
RUN DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get update \
|
||||
&& apt-get install -y libssl1.1 openssl gdb curl
|
||||
# Patch in the vulnerable OpenSSL version.
|
||||
COPY libssl.so.1.1 libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/
|
||||
COPY openssl /usr/bin/
|
||||
# Copy the self-signed certificate.
|
||||
COPY server.pem /root/
|
|
@ -1,8 +0,0 @@
|
|||
ARG BASE_IMAGE
|
||||
FROM ${BASE_IMAGE}
|
||||
WORKDIR /root
|
||||
RUN DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y haproxy
|
||||
COPY haproxy.cfg /etc/haproxy/
|
||||
ENTRYPOINT ["/bin/bash", "-c"]
|
||||
CMD ["haproxy -W -f /etc/haproxy/haproxy.cfg"]
|
|
@ -1,16 +0,0 @@
|
|||
# generated 2021-03-28, Mozilla Guideline v5.6, HAProxy 2.1, OpenSSL 1.1.1j, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.1j&guideline=5.6
|
||||
global
|
||||
# intermediate configuration
|
||||
ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
|
||||
|
||||
ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
|
||||
|
||||
frontend ft_test
|
||||
mode http
|
||||
bind :4433 ssl crt /root/server.pem alpn h2,http/1.1
|
||||
|
||||
# HSTS (63072000 seconds)
|
||||
http-response set-header Strict-Transport-Security max-age=63072000
|
|
@ -1,21 +0,0 @@
|
|||
# generated 2021-03-28, Mozilla Guideline v5.6, lighttpd 1.4.55, OpenSSL 1.1.1j, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=lighttpd&version=1.4.55&config=intermediate&openssl=1.1.1j&guideline=5.6
|
||||
$SERVER["socket"] == ":80" {
|
||||
url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
|
||||
}
|
||||
|
||||
$SERVER["socket"] == ":4433" {
|
||||
ssl.engine = "enable"
|
||||
|
||||
ssl.pemfile = "/root/server.pem"
|
||||
|
||||
# intermediate configuration
|
||||
ssl.openssl.ssl-conf-cmd = ("Protocol" => "ALL, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1")
|
||||
ssl.cipher-list = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
|
||||
ssl.honor-cipher-order = "disable"
|
||||
|
||||
# HTTP Strict Transport Security (63072000 seconds)
|
||||
setenv.add-response-header = (
|
||||
"Strict-Transport-Security" => "max-age=63072000"
|
||||
)
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
ARG BASE_IMAGE
|
||||
FROM ${BASE_IMAGE}
|
||||
WORKDIR /root
|
||||
RUN DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y lighttpd
|
||||
COPY lighttpd-10-ssl.conf /etc/lighttpd/conf-enabled/10-ssl.conf
|
||||
ENTRYPOINT ["/bin/bash", "-c"]
|
||||
CMD ["lighttpd -D -f /etc/lighttpd/lighttpd.conf && true"]
|
|
@ -1,8 +0,0 @@
|
|||
ARG BASE_IMAGE
|
||||
FROM ${BASE_IMAGE}
|
||||
WORKDIR /root
|
||||
RUN DEBIAN_FRONTEND=noninteractive \
|
||||
apt-get install -y nginx
|
||||
COPY nginx.conf /etc/nginx/
|
||||
ENTRYPOINT ["/bin/bash", "-c"]
|
||||
CMD ["nginx && sleep 2 && tail -n+0 -f /var/log/nginx/error.log"]
|
|
@ -1,50 +0,0 @@
|
|||
user root;
|
||||
pid /run/nginx.pid;
|
||||
worker_processes auto;
|
||||
worker_rlimit_nofile 65535;
|
||||
|
||||
events {
|
||||
multi_accept on;
|
||||
worker_connections 65535;
|
||||
}
|
||||
|
||||
http {
|
||||
charset utf-8;
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
server_tokens off;
|
||||
log_not_found off;
|
||||
types_hash_max_size 2048;
|
||||
types_hash_bucket_size 64;
|
||||
client_max_body_size 16M;
|
||||
|
||||
# MIME
|
||||
include mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
# Logging
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
|
||||
# SSL
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_tickets off;
|
||||
|
||||
# Mozilla Intermediate configuration
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
|
||||
server {
|
||||
listen 4433 ssl http2;
|
||||
listen [::]:4433 ssl http2;
|
||||
server_name example.com;
|
||||
root /var/www/html;
|
||||
|
||||
# SSL
|
||||
ssl_certificate /root/server.pem;
|
||||
ssl_certificate_key /root/server.pem;
|
||||
ssl_trusted_certificate /root/server.pem;
|
||||
}
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
ARG BASE_IMAGE
|
||||
FROM ${BASE_IMAGE}
|
||||
WORKDIR /root
|
||||
RUN DEBIAN_FRONTEND=noninteractive \
|
||||
curl -fsSL https://deb.nodesource.com/setup_15.x | bash - \
|
||||
&& apt-get install -y nodejs
|
||||
COPY nodejs.js /root/
|
||||
CMD ["gdb", "-batch", "-ex", "run", "-ex", "bt", "--args", "/usr/bin/node", "/root/nodejs.js"]
|
|
@ -1,14 +0,0 @@
|
|||
const https = require('https');
|
||||
const fs = require('fs');
|
||||
|
||||
const options = {
|
||||
key: fs.readFileSync('server.pem'),
|
||||
cert: fs.readFileSync('server.pem')
|
||||
};
|
||||
|
||||
https.createServer(options, function (req, res) {
|
||||
res.writeHead(200);
|
||||
res.end("hello world\n");
|
||||
}).listen(4433);
|
||||
|
||||
console.log("server started");
|
|
@ -1 +0,0 @@
|
|||
aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf openssl-1.1.1j.tar.gz.download
|
|
@ -1,4 +0,0 @@
|
|||
ARG BASE_IMAGE
|
||||
FROM ${BASE_IMAGE}
|
||||
WORKDIR /root
|
||||
CMD ["gdb", "-batch", "-ex", "run", "-ex", "bt", "--args", "/usr/bin/openssl", "s_server"]
|
|
@ -11,10 +11,10 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/cve-2021-3449
|
||||
- https://avd.aliyun.com/detail?id=AVD-2021-3449
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
||||
cvss-score: 5.9
|
||||
cve-id: CVE-2021-3449
|
||||
cwe-id: CWE-476
|
||||
cnvd-id: None
|
||||
kve-id: None
|
||||
tags: 拒绝服务,DoS
|
||||
tags: 拒绝服务, DoS
|
Loading…
Reference in New Issue