NGINX njs »º³åÇø¹ýʧÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-06-05

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-12208£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬CVSS·ÖÖµ£º9.8


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


NGINXÖÐʹÓõÄnjs 0.3.1¼°Ö®Ç°°æ±¾


Îó²î¸ÅÊö


NGINXÊÇÃÀ¹úNGINX¹«Ë¾µÄÒ»¿îÇáÁ¿¼¶WebЧÀÍÆ÷/·´ÏòÊðÀíЧÀÍÆ÷¼°µç×ÓÓʼþ£¨IMAP/POP3£©ÊðÀíЧÀÍÆ÷¡£¡£¡£¡£¡£njsÊÇÆäÖеÄÒ»¸öÖ§³ÖÀ©Õ¹NGINX¹¦Ð§µÄ¾ç±¾ÓïÑÔ×é¼þ¡£¡£¡£¡£¡£


NGINXÖÐʹÓõÄnjs 0.3.1¼°Ö®Ç°°æ±¾µÄnjs/njs_function.cÎļþµÄ¡®njs_function_native_call¡¯º¯Êý±£´æ»ùÓڶѵĻº³åÇøÒç³öÎó²î¡£¡£¡£¡£¡£¸ÃÎó²îÔ´ÓÚÍøÂçϵͳ»ò²úÆ·ÔÚÄÚ´æÉÏÖ´ÐвÙ×÷ʱ£¬£¬Î´×¼È·ÑéÖ¤Êý¾Ý½çÏߣ¬£¬µ¼ÖÂÏò¹ØÁªµÄÆäËûÄÚ´æλÖÃÉÏÖ´ÐÐÁ˹ýʧµÄ¶Áд²Ù×÷¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉʹÓøÃÎó²îµ¼Ö»º³åÇøÒç³ö»ò¶ÑÒç³öµÈ¡£¡£¡£¡£¡£ 


Îó²îÑéÖ¤


POC£ºhttps://github.com/nginx/njs/issues/163¡£¡£¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÔÝδÐû²¼ÐÞ¸´²½·¥½â¾ö´ËÇå¾²ÎÊÌ⣬£¬½¨ÒéʹÓôËÈí¼þµÄÓû§Ëæʱ¹Ø×¢³§ÉÌÖ÷Ò³»ò²Î¿¼ÍøÖ·ÒÔ»ñÈ¡½â¾ö²½·¥£ºhttps://nginx.org/ ¡£¡£¡£¡£¡£


²Î¿¼Á´½Ó


http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201905-806