A cikin uwar garken http (nhttpd) rauni
(CVE-2019-16278), wanda ke bawa maharin damar aiwatar da lamba daga nesa akan sabar ta hanyar aika buƙatun HTTP na musamman. Za a gyara batun a saki (ba a buga ba tukuna). Yin la'akari da bayanai daga injin bincike na Shodan, ana amfani da uwar garken Nostromo http akan kusan runduna 2000 masu isa ga jama'a.
Rashin lahani yana faruwa ta hanyar kuskure a cikin aikin http_verify, wanda ke rasa damar yin amfani da abubuwan da ke cikin tsarin fayil a wajen tushen tushen rukunin yanar gizon ta hanyar wuce jerin ".%0d./" a cikin hanyar. Rashin lahani yana faruwa ne saboda ana yin duban kasancewar haruffan “../” kafin a aiwatar da aikin daidaita hanyar, wanda a ciki aka cire sabbin haruffa (% 0d) daga igiyar.
domin rauni, zaku iya samun dama ga / bin/sh maimakon rubutun CGI kuma aiwatar da kowane ginin harsashi ta hanyar aika buƙatar POST zuwa URI “/.%0d./.%0d./.%0d./.%0d./bin /sh" da wuce umarni a cikin jikin buƙatar. Abin sha'awa, a cikin 2011, an riga an gyara irin wannan rauni (CVE-2011-0751) a Nostromo, wanda ya ba da damar kai hari ta hanyar aika buƙatar "/ ..% 2f ..% 2f ..% 2fbin / sh".
source: budenet.ru