Nginxí§Òâ´úÂëÖ´ÐÐÎó²î£¨CVE-2021-23017£©
Ðû²¼Ê±¼ä 2021-05-270x00 Îó²î¸ÅÊö
CVE ID | CVE-2021-23017 | ʱ ¼ä | 2021-05-27 |
Àà ÐÍ | ´úÂëÖ´ÐÐ | µÈ ¼¶ | ¸ßΣ |
Ô¶³ÌʹÓà | ÊÇ | Ó°Ïì¹æÄ£ | Nginx 0.6.18 - 1.20.0 |
PoC/EXP | δ¹ûÕæ | ÔÚҰʹÓà | ·ñ |
0x01 Îó²îÏêÇé
NginxÊÇÒ»¸ö¸ßÐÔÄܵÄHTTPºÍ·´ÏòÊðÀíwebЧÀÍÆ÷£¬£¬£¬Í¬Ê±Ò²ÌṩÁËIMAP/POP3/SMTPЧÀÍ£¬£¬£¬ÓÉÓÚÆä¾ßÓÐÐí¶àÓÅÔ½µÄÌØÕ÷£¬£¬£¬µ¼ÖÂÔÚÈ«Çò¹æÄ£ÄÚ±»ÆÕ±éʹÓᣡ£¡£¡£¡£
2021Äê05ÔÂ25ÈÕ£¬£¬£¬Nginx¹Ù·½Ðû²¼Ç徲ͨ¸æ£¬£¬£¬¹ûÕæÁËNginx DNS ResolverÖеÄÒ»¸öí§Òâ´úÂëÖ´ÐÐÎó²î£¨CVE-2021-23017£©¡£¡£¡£¡£¡£
ÓÉÓÚNginxÔÚ´¦Öóͷ£DNSÏìӦʱ±£´æÇå¾²ÎÊÌ⣬£¬£¬µ±ÔÚÉèÖÃÎļþÖÐʹÓà ¡°resolver ¡±Ö¸Áîʱ£¬£¬£¬Ô¶³Ì¹¥»÷Õß¿ÉÒÔͨ¹ýαÔìÀ´×ÔDNSЧÀÍÆ÷µÄUDPÊý¾Ý°ü£¬£¬£¬½á¹¹DNSÏìÓ¦Ôì³É1-byteÄÚ´æÁýÕÖ£¬£¬£¬´Ó¶øµ¼Ö¾ܾøÐ§ÀÍ»òí§Òâ´úÂëÖ´ÐС£¡£¡£¡£¡£
¸ÃÎó²î½öÔÚÉèÖÃÁËÒ»¸ö»ò¶à¸ö¡°resolver¡±Ö¸ÁîµÄÇéÐÎϱ£´æ£¬£¬£¬¶øÄ¬ÈÏÇéÐÎÏÂûÓÐÉèÖᣡ£¡£¡£¡£
0x02 ´¦Öóͷ£½¨Òé
ÏÖÔÚ¸ÃÎó²îÒÑÔÚÒÔϰ汾ÖÐÐÞ¸´£¬£¬£¬½¨Ò龡¿ì¾ÙÐÐÉý¼¶¸üУº
NGINX Open Source 1.20.1 (stable)
NGINX Open Source 1.21.0 (mainline)
NGINX Plus R23 P1
NGINX Plus R24 P1
ÒÔϰ汾µÄNGINX Ingress Controller°üÀ¨NGINX Open SourceºÍNGINX PlusµÄÐÞ¸´³ÌÐò°æ±¾£º
NGINX Ingress Controller 1.11.2 ¨C NGINX Plus R23 P1
NGINX Ingress Controller 1.11.3 ¨C NGINX Open Source 1.21.0 ºÍNGINX Plus R23 P1
ÏÂÔØÁ´½Ó£º
http://nginx.org/en/download.html
²¹¶¡Á´½Ó£º
http://nginx.org/download/patch.2021.resolver.txt
0x03 ²Î¿¼Á´½Ó
http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
https://www.nginx.com/blog/updating-nginx-dns-resolver-vulnerability-cve-2021-23017/
https://support.f5.com/csp/article/K12331123
0x04 ʱ¼äÏß
2021-05-25 NginxÐû²¼Ç徲ͨ¸æ
2021-05-27 VSRCÐû²¼Ç徲ͨ¸æ
0x05 ¸½Â¼
CVSSÆÀ·Ö±ê×¼¹ÙÍø£ºhttp://www.first.org/cvss/