Apache mod_userdir模块信息泄露漏洞

2008-04-09 04:27:17来源：互联网阅读 ()

Apache mod_userdir模块信息泄露漏洞

发布日期：2003-12-04
更新日期：2004-08-02

受影响系统：

Apache Software Foundation Apache 2.0a9
Apache Software Foundation Apache 2.0.48
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 1.3.31
Apache Software Foundation Apache 1.3.29
Apache Software Foundation Apache 1.3.28
Apache Software Foundation Apache 1.3.27
Apache Software Foundation Apache 1.3.25
Apache Software Foundation Apache 1.3.24
Apache Software Foundation Apache 1.3.23
Apache Software Foundation Apache 1.3.22
Apache Software Foundation Apache 1.3.20
Apache Software Foundation Apache 1.3.19
Apache Software Foundation Apache 1.3.18
Apache Software Foundation Apache 1.3.17
Apache Software Foundation Apache 1.3.14
Apache Software Foundation Apache 1.3.12
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3
Apache Software Foundation Apache 1.3.26
- Conectiva Linux 8.0
- Conectiva Linux 7.0
- Conectiva Linux 6.0
- Debian Linux 3.0
- Mandrake Linux Corporate Server 2.1
- Mandrake Linux 9.0
- RedHat Linux 8.0
- RedHat Linux 7.3

描述：

BUGTRAQ ID: 10789

Apache模块mod_userdir允许使用类似http://example.com/~user/的语法来访问用户网站目录。

Apache mod_userdir默认安装配置不安全，远程攻击者可以利用这个漏洞获得敏感信息。

攻击者可以利用mod_userdir错误的配置枚举主机上的用户名等敏感信息，利用这些信息可进一步对系统进行攻击。

<*来源：m00 security
*>

测试方法：

警告

以下程序(方法)可能带有攻击性，仅供安全研究与教学之用。使用者风险自负！

HighT1mes (John Bissell) 提供了如下测试方法：

/*-------------------------------------------------------------------
*
* Exploit: wgetusr.c Windows Version
* Author: HighT1mes (John Bissell)
* Date Released: July 21, 2004
*
* --- Code ported to Windows with some added code,
* based on getusr.c exploit by CoKi ---
*
* Description from CoKi:
* ======================
*
* This tool tries to find users in a Apache 1.3.*
* server through wrong default configuration of
* module mod_userdir.
*
* My Believe:
* ===========
*
* I believe in the current state of the web right
* now this information leak bug can be pretty nasty.
* Once you have a couple login names on a system
* there are many services the attacker can target
* to attack and work his way into the target system
* to get local access.
*
* Program Usage:
* ==============
*
* Use: wgetusr [options] -h <host> -u <usrfile>
* -h Host
* -u Users file
* Options
* -f Try log on via FTP
* -p Try log on via POP3
*
* VC 6.0 Compilation Information:
* =================================
*
* First go on the net and get the getopt libs and header
* file for VC 6.0 Here's a link...
*
* http://prantl.host.sk/getopt/files/getopt-msvs6.zip
*
* Now extract the libs into your standerd VC Lib directory,
* and extract the getopt.h header file of course into the
* Include directory.
*
* Now to compile make a new console app project,
* then put this source file in the project.
* Next goto Project->Settings. Then click on
* the link tab then goto the input catagory.
* Now add getopt.lib to the end of objects/librarys
* modules text box. Then in the Ignore Librarys
* text box type LIBCD.lib to ignore that lib and allow
* compilation to complete because of getopt lib.
*
* Also you where you added getopt.lib to the
* objects/librarys modules text box put ws2_32.lib
* in that text box as well.
*

标签：

版权申明：本站文章部分自网络，如有侵权，请联系：west999com@outlook.com
特别注意：本站所有转载文章言论不代表本站观点，本站所提供的摄影照片，插画，设计作品，如需使用，请与原作者联系，版权归原作者所有