diff --git a/cve/openssl/2021/CVE-2021-3449/demo/.dockerignore b/cve/openssl/2021/CVE-2021-3449/demo/.dockerignore deleted file mode 100644 index fcd11acb..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/.dockerignore +++ /dev/null @@ -1,9 +0,0 @@ -* -!*.so* -!openssl -!server.pem -!apache-default-ssl.conf -!haproxy.cfg -!lighttpd-10-ssl.conf -!nginx.conf -!nodejs.js diff --git a/cve/openssl/2021/CVE-2021-3449/demo/.gitignore b/cve/openssl/2021/CVE-2021-3449/demo/.gitignore deleted file mode 100644 index a9d46952..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/.gitignore +++ /dev/null @@ -1,7 +0,0 @@ -/openssl-1.1.1j/ -/openssl_dir -/openssl-1.1.1j.tar.gz -/openssl-1.1.1j.tar.gz.download -/openssl -*.pem -*.so* diff --git a/cve/openssl/2021/CVE-2021-3449/demo/Makefile b/cve/openssl/2021/CVE-2021-3449/demo/Makefile deleted file mode 100644 index 5435bfd5..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/Makefile +++ /dev/null @@ -1,69 +0,0 @@ -CFLAGS ?= -Og -Wall -export CFLAGS -CXXFLAGS ?= -Og -Wall -export CXXFLAGS - -IMAGE_PREFIX := local/cve-2021-3449 -UBUNTU_VERSION ?= focal -IMAGE_INT := $(IMAGE_PREFIX)/base-$(UBUNTU_VERSION) -IMAGE_INT_REQ := build-base-$(UBUNTU_VERSION) - -CONTAINER_PREFIX := cve-2021-3449 - -TARGETS := apache haproxy lighttpd nginx nodejs openssl - -BUILD_TARGETS := $(addprefix build-, $(TARGETS)) -.PHONY: $(BUILD_TARGETS) -$(BUILD_TARGETS): build-%: $(IMAGE_INT_REQ) - docker build -f $*.Dockerfile -t $(IMAGE_PREFIX)/$* --build-arg "BASE_IMAGE=$(IMAGE_INT)" . - -START_TARGETS := $(addprefix start-, $(TARGETS)) -.PHONY: $(START_TARGETS) -$(START_TARGETS): start-%: build-% - docker run -d -it --name $(CONTAINER_PREFIX)-$* --network host $(IMAGE_PREFIX)/$* - docker logs -f $(CONTAINER_PREFIX)-$* & - -LOGS_TARGETS := $(addprefix logs-, $(TARGETS)) -.PHONY: $(LOGS_TARGETS) -$(LOGS_TARGETS): logs-%: - docker logs $(CONTAINER_PREFIX)-$* - -STOP_TARGETS := $(addprefix stop-, $(TARGETS)) -.PHONY: $(STOP_TARGETS) -$(STOP_TARGETS): stop-%: - docker container rm -f $(CONTAINER_PREFIX)-$* || true - -.PHONY: $(IMAGE_INT_REQ) -$(IMAGE_INT_REQ): libcrypto.so.1.1 libssl.so.1.1 openssl server.pem - docker build -f base.Dockerfile -t $(IMAGE_INT) --build-arg "BASE_IMAGE=ubuntu:$(UBUNTU_VERSION)" . - -server.pem: - openssl req -x509 -newkey rsa:2048 -keyout ./key.pem -out ./cert.pem -days 365 -nodes -subj "/CN=dummycert/O=My Company Name/C=US" - cat key.pem cert.pem >> server.pem - rm key.pem cert.pem - -.PHONY: clean -clean: $(STOP_TARGETS) - docker image rm -f $(addprefix $(IMAGE_PREFIX)/,$(TARGETS)) - rm -rf ./*.pem ./*.so* ./openssl ./openssl_dir ./openssl-1.1.1j ./openssl-1.1.1j.tar.gz ./openssl-1.1.1j.tar.gz.download - -openssl libcrypto.so.1.1 libssl.so.1.1: openssl_dir/Makefile - $(MAKE) -C openssl_dir -j4 apps/openssl libcrypto.so libssl.so - ln -f openssl_dir/libcrypto.so.1.1 libcrypto.so.1.1 - ln -f openssl_dir/libssl.so.1.1 libssl.so.1.1 - ln -f openssl_dir/apps/openssl openssl - -openssl_dir/Makefile: openssl_dir/.downloaded - cd openssl_dir && ./config && $(MAKE) build_generated - -openssl_dir/.downloaded: openssl-1.1.1j.tar.gz - tar -xzf openssl-1.1.1j.tar.gz - ln -sf openssl-1.1.1j openssl_dir - touch openssl_dir/.downloaded - -openssl-1.1.1j.tar.gz: openssl-1.1.1j.tar.gz.download - sha256sum -c openssl-1.1.1j.tar.gz.sha256sum - ln -sf openssl-1.1.1j.tar.gz.download openssl-1.1.1j.tar.gz - -openssl-1.1.1j.tar.gz.download: - curl https://www.openssl.org/source/old/1.1.1/openssl-1.1.1j.tar.gz --output openssl-1.1.1j.tar.gz.download diff --git a/cve/openssl/2021/CVE-2021-3449/demo/apache-default-ssl.conf b/cve/openssl/2021/CVE-2021-3449/demo/apache-default-ssl.conf deleted file mode 100644 index 7c2b859b..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/apache-default-ssl.conf +++ /dev/null @@ -1,25 +0,0 @@ - - - ServerAdmin webmaster@localhost - - DocumentRoot /var/www/html - LogLevel info ssl:debug - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - - SSLEngine on - - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - - - -# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/cve/openssl/2021/CVE-2021-3449/demo/apache.Dockerfile b/cve/openssl/2021/CVE-2021-3449/demo/apache.Dockerfile deleted file mode 100644 index 3d7c49eb..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/apache.Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -ARG BASE_IMAGE -FROM ${BASE_IMAGE} -WORKDIR /root -RUN DEBIAN_FRONTEND=noninteractive \ - apt-get install -y apache2 -COPY apache-default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf -RUN a2enmod ssl -ENTRYPOINT ["/bin/bash", "-c"] -CMD ["/usr/sbin/apachectl start && sleep 2 && tail -n+0 -f /var/log/apache2/error.log"] diff --git a/cve/openssl/2021/CVE-2021-3449/demo/base.Dockerfile b/cve/openssl/2021/CVE-2021-3449/demo/base.Dockerfile deleted file mode 100644 index ab883642..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/base.Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -# Create base system with a vulnerable OpenSSL version. -ARG BASE_IMAGE=ubuntu:bionic -FROM $BASE_IMAGE -RUN DEBIAN_FRONTEND=noninteractive \ - apt-get update \ - && apt-get install -y libssl1.1 openssl gdb curl -# Patch in the vulnerable OpenSSL version. -COPY libssl.so.1.1 libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/ -COPY openssl /usr/bin/ -# Copy the self-signed certificate. -COPY server.pem /root/ diff --git a/cve/openssl/2021/CVE-2021-3449/demo/haproxy.Dockerfile b/cve/openssl/2021/CVE-2021-3449/demo/haproxy.Dockerfile deleted file mode 100644 index 0936431a..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/haproxy.Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -ARG BASE_IMAGE -FROM ${BASE_IMAGE} -WORKDIR /root -RUN DEBIAN_FRONTEND=noninteractive \ - apt-get install -y haproxy -COPY haproxy.cfg /etc/haproxy/ -ENTRYPOINT ["/bin/bash", "-c"] -CMD ["haproxy -W -f /etc/haproxy/haproxy.cfg"] diff --git a/cve/openssl/2021/CVE-2021-3449/demo/haproxy.cfg b/cve/openssl/2021/CVE-2021-3449/demo/haproxy.cfg deleted file mode 100644 index ad0714ec..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/haproxy.cfg +++ /dev/null @@ -1,16 +0,0 @@ -# generated 2021-03-28, Mozilla Guideline v5.6, HAProxy 2.1, OpenSSL 1.1.1j, intermediate configuration -# https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.1j&guideline=5.6 -global - # intermediate configuration - ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets - - ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets - -frontend ft_test - mode http - bind :4433 ssl crt /root/server.pem alpn h2,http/1.1 - - # HSTS (63072000 seconds) - http-response set-header Strict-Transport-Security max-age=63072000 diff --git a/cve/openssl/2021/CVE-2021-3449/demo/lighttpd-10-ssl.conf b/cve/openssl/2021/CVE-2021-3449/demo/lighttpd-10-ssl.conf deleted file mode 100644 index ae82ad9f..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/lighttpd-10-ssl.conf +++ /dev/null @@ -1,21 +0,0 @@ -# generated 2021-03-28, Mozilla Guideline v5.6, lighttpd 1.4.55, OpenSSL 1.1.1j, intermediate configuration -# https://ssl-config.mozilla.org/#server=lighttpd&version=1.4.55&config=intermediate&openssl=1.1.1j&guideline=5.6 -$SERVER["socket"] == ":80" { - url.redirect = ("" => "https://${url.authority}${url.path}${qsa}") -} - -$SERVER["socket"] == ":4433" { - ssl.engine = "enable" - - ssl.pemfile = "/root/server.pem" - - # intermediate configuration - ssl.openssl.ssl-conf-cmd = ("Protocol" => "ALL, -SSLv2, -SSLv3, -TLSv1, -TLSv1.1") - ssl.cipher-list = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" - ssl.honor-cipher-order = "disable" - - # HTTP Strict Transport Security (63072000 seconds) - setenv.add-response-header = ( - "Strict-Transport-Security" => "max-age=63072000" - ) -} diff --git a/cve/openssl/2021/CVE-2021-3449/demo/lighttpd.Dockerfile b/cve/openssl/2021/CVE-2021-3449/demo/lighttpd.Dockerfile deleted file mode 100644 index f733a113..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/lighttpd.Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -ARG BASE_IMAGE -FROM ${BASE_IMAGE} -WORKDIR /root -RUN DEBIAN_FRONTEND=noninteractive \ - apt-get install -y lighttpd -COPY lighttpd-10-ssl.conf /etc/lighttpd/conf-enabled/10-ssl.conf -ENTRYPOINT ["/bin/bash", "-c"] -CMD ["lighttpd -D -f /etc/lighttpd/lighttpd.conf && true"] diff --git a/cve/openssl/2021/CVE-2021-3449/demo/nginx.Dockerfile b/cve/openssl/2021/CVE-2021-3449/demo/nginx.Dockerfile deleted file mode 100644 index bcf8e4e5..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/nginx.Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -ARG BASE_IMAGE -FROM ${BASE_IMAGE} -WORKDIR /root -RUN DEBIAN_FRONTEND=noninteractive \ - apt-get install -y nginx -COPY nginx.conf /etc/nginx/ -ENTRYPOINT ["/bin/bash", "-c"] -CMD ["nginx && sleep 2 && tail -n+0 -f /var/log/nginx/error.log"] diff --git a/cve/openssl/2021/CVE-2021-3449/demo/nginx.conf b/cve/openssl/2021/CVE-2021-3449/demo/nginx.conf deleted file mode 100644 index f4aa8217..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/nginx.conf +++ /dev/null @@ -1,50 +0,0 @@ -user root; -pid /run/nginx.pid; -worker_processes auto; -worker_rlimit_nofile 65535; - -events { - multi_accept on; - worker_connections 65535; -} - -http { - charset utf-8; - sendfile on; - tcp_nopush on; - tcp_nodelay on; - server_tokens off; - log_not_found off; - types_hash_max_size 2048; - types_hash_bucket_size 64; - client_max_body_size 16M; - - # MIME - include mime.types; - default_type application/octet-stream; - - # Logging - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log warn; - - # SSL - ssl_session_timeout 1d; - ssl_session_cache shared:SSL:10m; - ssl_session_tickets off; - - # Mozilla Intermediate configuration - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; - - server { - listen 4433 ssl http2; - listen [::]:4433 ssl http2; - server_name example.com; - root /var/www/html; - - # SSL - ssl_certificate /root/server.pem; - ssl_certificate_key /root/server.pem; - ssl_trusted_certificate /root/server.pem; - } -} diff --git a/cve/openssl/2021/CVE-2021-3449/demo/nodejs.Dockerfile b/cve/openssl/2021/CVE-2021-3449/demo/nodejs.Dockerfile deleted file mode 100644 index 3f78b4e8..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/nodejs.Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -ARG BASE_IMAGE -FROM ${BASE_IMAGE} -WORKDIR /root -RUN DEBIAN_FRONTEND=noninteractive \ - curl -fsSL https://deb.nodesource.com/setup_15.x | bash - \ - && apt-get install -y nodejs -COPY nodejs.js /root/ -CMD ["gdb", "-batch", "-ex", "run", "-ex", "bt", "--args", "/usr/bin/node", "/root/nodejs.js"] diff --git a/cve/openssl/2021/CVE-2021-3449/demo/nodejs.js b/cve/openssl/2021/CVE-2021-3449/demo/nodejs.js deleted file mode 100644 index 34b1dfc0..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/nodejs.js +++ /dev/null @@ -1,14 +0,0 @@ -const https = require('https'); -const fs = require('fs'); - -const options = { - key: fs.readFileSync('server.pem'), - cert: fs.readFileSync('server.pem') -}; - -https.createServer(options, function (req, res) { - res.writeHead(200); - res.end("hello world\n"); -}).listen(4433); - -console.log("server started"); diff --git a/cve/openssl/2021/CVE-2021-3449/demo/openssl-1.1.1j.tar.gz.sha256sum b/cve/openssl/2021/CVE-2021-3449/demo/openssl-1.1.1j.tar.gz.sha256sum deleted file mode 100644 index 27569051..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/openssl-1.1.1j.tar.gz.sha256sum +++ /dev/null @@ -1 +0,0 @@ -aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf openssl-1.1.1j.tar.gz.download diff --git a/cve/openssl/2021/CVE-2021-3449/demo/openssl.Dockerfile b/cve/openssl/2021/CVE-2021-3449/demo/openssl.Dockerfile deleted file mode 100644 index 705f2e01..00000000 --- a/cve/openssl/2021/CVE-2021-3449/demo/openssl.Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -ARG BASE_IMAGE -FROM ${BASE_IMAGE} -WORKDIR /root -CMD ["gdb", "-batch", "-ex", "run", "-ex", "bt", "--args", "/usr/bin/openssl", "s_server"] diff --git a/cve/openssl/2021/yaml/CVE-2021-3449.yaml b/cve/openssl/2021/yaml/CVE-2021-3449.yaml index ad1c4bbe..5e064af3 100644 --- a/cve/openssl/2021/yaml/CVE-2021-3449.yaml +++ b/cve/openssl/2021/yaml/CVE-2021-3449.yaml @@ -11,10 +11,10 @@ info: - https://nvd.nist.gov/vuln/detail/cve-2021-3449 - https://avd.aliyun.com/detail?id=AVD-2021-3449 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 5.9 cve-id: CVE-2021-3449 cwe-id: CWE-476 cnvd-id: None kve-id: None - tags: 拒绝服务,DoS \ No newline at end of file + tags: 拒绝服务, DoS \ No newline at end of file