24 Deadly Sins of Computer Security

[Cover] M. Howard, D. LeBlanc, J. Viega. 24 Deadly Sins of Computer Security: How to Write Secure Code. Web application sins, cryptographic sins, implementation sins, networking sins.

Uploaded by anna-zharkova on 01-Nov-2015


DESCRIPTION

A book for IT specialists.

TRANSCRIPT


[Front matter; the Russian text survived extraction only in fragments. Bracketed ellipses mark lost runs of text.]

BBK 32.973-018-07
UDC 004.49

Howard M., LeBlanc D., Viega J. 24 Deadly Sins of Computer Security. [Place and publisher lost in extraction], 2010. 400 pp., ill.
ISBN 978-5-49807-747-5

[Annotation, largely lost:] […] The 19 Deadly Sins of Software Security (of which this book is the updated edition) […] Microsoft […] 24 […]

[Rights notice, lost:] McGraw-Hill […]

ISBN 978-0071626750 (English edition)
ISBN 978-5-49807-747-5

© McGraw-Hill, 2009
© [Russian publisher, name lost in extraction], 2010

[Brief contents. Chapter and section titles were lost in extraction and are restored here from the English original; "[title lost]" marks entries that could not be restored. Page numbers are those of the Russian edition.]

[front matter, title lost] 24
[front matter, title lost] 26
[front matter, title lost] 30
[front matter, title lost] 32

Part I. Web Application Sins
1. SQL Injection 37
2. Web Server-Related Vulnerabilities (XSS, XSRF, and Response Splitting) 60
3. Web Client-Related Vulnerabilities (XSS) 91
4. Use of Magic URLs, Predictable Cookies, and Hidden Form Fields 102

Part II. Implementation Sins
5. Buffer Overruns 115
6. Format String Problems 134
7. Integer Overflows 143
8. C++ Catastrophes 167
9. Catching Exceptions 179
10. Command Injection 191
11. Failure to Handle Errors Correctly 203
12. Information Leakage 211
13. Race Conditions 226
14. Poor Usability 237
15. Not Updating Easily 250
16. Executing Code with Too Much Privilege 262
17. Failure to Protect Stored Data 271
18. The Sins of Mobile Code 284

Part III. Cryptographic Sins
19. Use of Weak Password-Based Systems 297
20. Weak Random Numbers 316
21. Using Cryptography Incorrectly 332

Part IV. Networking Sins
22. Failing to Protect Network Traffic 355
23. Improper Use of PKI, Especially SSL 366
24. Trusting Network Name Resolution 378

[closing entry, title lost] 388

[Detailed contents. Chapter and section titles were lost in extraction and are restored from the English original; "[title lost]" marks entries that could not be restored. Page numbers are those of the Russian edition.]

[front matter, title lost] 24
[front matter, title lost] 26
[front matter, title lost] 30
[front matter, title lost] 32
[front matter, title lost] 34

Part I. Web Application Sins

1. SQL Injection 37
Overview of the Sin 37
CWE References 39
Affected Languages 39
The Sin Explained 39
LINQ Injection 40
Sinful C# 40
Sinful PHP 41
Sinful Perl/CGI 41
Sinful Python 42
Sinful Ruby on Rails 42
Sinful Java and JDBC 42
Sinful C/C++ 43
Sinful SQL 44
Related Sins 45
Spotting the Sin Pattern 46
Spotting the Sin During Code Review 46
Testing Techniques to Find the Sin 47
Example Sins 49
CVE-2006-4953 50
CVE-2006-4592 50
Redemption Steps 51
Validate All Input 51
Use Prepared Statements to Build SQL Statements 51
C# Redemption 52
PHP 5.0 and MySQL 4.1 or Later Redemption 52
Perl/CGI Redemption 53
Python Redemption 53
Java Using JDBC Redemption 54
ColdFusion Redemption 55
SQL Redemption 55
Use QUOTENAME and REPLACE 56
Use DBMS_ASSERT? 56
Use CAT.NET 56
Extra Defensive Measures 57
Encrypt Sensitive, PII, or Confidential Data 57
Use URLScan 57
Other Resources 58
Summary 59

2. Web Server-Related Vulnerabilities (XSS, XSRF, and Response Splitting) 60
Overview of the Sin 60
CWE References 61
Affected Languages 62
The Sin Explained 62
DOM-Based XSS or Type 0 62
Reflected XSS, Nonpersistent XSS, or Type 1 62
Stored XSS, Persistent XSS, or Type 2 65
HTTP Response Splitting 66
Cross-Site Request Forgery 67
Sinful Ruby on Rails (XSS) 68
Sinful Ruby on Rails (Response Splitting) 68
Sinful CGI Application in Python (XSS) 69
Sinful CGI Application in Python (Response Splitting) 69
Sinful ColdFusion (XSS) 69
Sinful C/C++ ISAPI (XSS) 69
Sinful C/C++ ISAPI (Response Splitting) 70
Sinful ASP (XSS) 70
Sinful ASP (Response Splitting) 70
Sinful ASP.NET (XSS) 70
Sinful ASP.NET (Response Splitting) 70
Sinful JSP (XSS) 71
Sinful JSP (Response Splitting) 71
Sinful PHP (XSS) 71
Sinful PHP (Response Splitting) 71
Sinful CGI/Perl (XSS) 71
Sinful mod_perl (XSS) 72
Sinful mod_perl (Response Splitting) 72
Sinful HTTP Requests (XSRF) 72
Related Sins 72
Spotting the Sin Pattern 73
Spotting the Sin During Code Review (XSRF) 74
Testing Techniques to Find the Sin 74
Example Sins 75
CVE-2003-0712 Microsoft Exchange 5.5 Outlook Web Access XSS 75
CVE-2004-0203 Microsoft Exchange 5.5 Outlook Web Access Response Splitting 76
CVE-2005-1674 Help Center Live (XSS and XSRF) 76
Redemption Steps (XSS and Response Splitting) 76
Ruby on Rails Redemption (XSS) 77
ISAPI C/C++ Redemption (XSS) 77
Python Redemption (XSS) 78
ASP Redemption (XSS) 78
ASP.NET Web Forms Redemption (XSS) 79
ASP.NET Web Forms Redemption (Response Splitting) 79
JSP Redemption (XSS) 80
PHP Redemption (XSS) 82
CGI Redemption (XSS) 82
mod_perl Redemption (XSS) 83
Redemption Steps (XSRF) 83
A Note About Timeouts 83
A Note About XSRF and POST vs. GET 84
Ruby on Rails Redemption (XSRF) 84
ASP.NET Web Forms Redemption (XSRF) 84
Non-Draconian Use of HTML 85
Extra Defensive Measures 86
Use HttpOnly Cookies 86
Wrap Tag Properties with Double Quotes 86
Consider Using ASP.NET ViewStateUserKey 86
Consider Using ASP.NET ValidateRequest 87
Use the ASP.NET Security Runtime Engine 87
Consider Using OWASP CSRFGuard 87
Use Apache::TaintRequest 87
Use UrlScan 87
[title lost] 88
Other Resources 88
Summary 89

3. Web Client-Related Vulnerabilities (XSS) 91
Overview of the Sin 91
CWE References 93
Affected Languages 93
The Sin Explained 93
[title lost] 94
Sinful JavaScript and HTML 95
Related Sins 95
Spotting the Sin Pattern 96
Spotting the Sin During Code Review 96
Testing Techniques to Find the Sin 97
Microsoft ISA Server XSS CVE-2003-0526 97
Windows Vista Sidebar CVE-2007-3033 and CVE-2007-3032 97
Yahoo! Instant Messenger ActiveX Control CVE-2007-4515 98
Redemption Steps 98
Don't Trust Input 98
Replace Insecure Constructs with More Secure Constructs 99
Extra Defensive Measures 100
Other Resources 100
Summary 100

4. Use of Magic URLs, Predictable Cookies, and Hidden Form Fields 102
Overview of the Sin 102
CWE References 103
Affected Languages 103
The Sin Explained 103
Magic URLs 103
Predictable Cookies 104
Hidden Form Fields 104
Related Sins 104
Spotting the Sin Pattern 104
Spotting the Sin During Code Review 105
Testing Techniques to Find the Sin 106
Example Sins 107
CVE-2005-1784 107
Redemption Steps 107
Attacker Views the Data 107
Attacker Replays the Data 108
Attacker Predicts the Data 109
Attacker Changes the Data 110
Extra Defensive Measures 111
Other Resources 111
Summary 111

Part II. Implementation Sins

5. Buffer Overruns 115
CWE References 116
Affected Languages 117
The Sin Explained 118
64-bit Implications 121
Sinful C/C++ 122
Related Sins 124
Spotting the Sin Pattern 125
Spotting the Sin During Code Review 125
Testing Techniques to Find the Sin 126
Example Sins 127
CVE-1999-0042 127
CVE-2000-0389 through CVE-2000-0392 127
CVE-2002-0842, CVE-2003-0095, CAN-2003-0096 128
CAN-2003-0352 128
Redemption Steps 129
Replace Dangerous String Handling Functions 129
Audit Allocations 129
Check Loops and Array Accesses 130
Replace C String Buffers with C++ Strings 130
Replace Static Arrays with STL Containers 130
Use Analysis Tools 130
Extra Defensive Measures 131
Stack Protection 131
Nonexecutable Stack and Heap 132
Other Resources 132
Summary 133

6. Format String Problems 134
Overview of the Sin 134
CWE References 135
Affected Languages 135
The Sin Explained 135
Sinful C/C++ 138
Related Sins 139
Spotting the Sin Pattern 139
Spotting the Sin During Code Review 139
Testing Techniques to Find the Sin 140
Example Sins 140
CVE-2000-0573 140
CVE-2000-0844 140
Redemption Steps 141
C/C++ Redemption 141
Extra Defensive Measures 142
Other Resources 142
Summary 142

7. Integer Overflows 143
Overview of the Sin 143
CWE References 144
Affected Languages 144
The Sin Explained 144
Sinful C/C++ 145
[title lost] 145
[title lost] 147
[title lost] 150
[title lost] 150
64-bit Portability Issues 150
Compiler Optimizations 152
Sinful C# 152
Checked and Unchecked 153
Sinful Visual Basic and Visual Basic .NET 154
Sinful Java 155
Sinful Perl 155
Spotting the Sin Pattern 156
Spotting the Sin During Code Review 156
C/C++ 157
C# 159
Java 159
Visual Basic and Visual Basic .NET 159
Perl 160
Testing Techniques to Find the Sin 160
Example Sins 160
Multiple Integer Overflows in the SearchKit API in Apple Mac OS X 160
Integer Overflow in Google Android SDK 161
Flaw in Windows Script Engine Could Allow Code Execution 161
Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise 161
Redemption Steps 162
Do the Math 162
Don't Use Tricks 162
Write Out Casts 163
Use SafeInt 164
Extra Defensive Measures 165
Other Resources 166
Summary 166

    8. C++ ............ 167
    ............ 167
    CWE ............ 168
    ............ 168
    ............ 169

    delete ............ 169
    ............ 170
    ............ 171
    ............ 172
    STL ............ 172
    ............ 173

    ...................................................................................................................... 173 ......................................................................................... 174 ............................................................... 174

  • 13

    ............ 174
    CVE-2008-1754 ............ 174

    ............ 175
    new and delete ............ 175
    ............ 175
    ............ 176
    ............ 176
    STL ............ 177
    ............ 177

    ............................................................................... 177 ...................................................................................................................... 178....................................................................................................................................... 178

    9. ............ 179
    ............ 179
    CWE ............ 179
    ............ 180
    ............ 180

    C++ ............ 180
    ............ 183
    ............ 185
    C#, VB.NET and Java ............ 185
    Ruby ............ 186

    ...................................................................................................................... 186 ......................................................................................... 187 ............................................................... 188................................................................................................................................. 188

    CVE-2007-0038 ............................................................................................................... 188 ............................................................................................................... 188

    C++ ............ 188
    SEH ............ 189
    ............ 189

    ...................................................................................................................... 190....................................................................................................................................... 190

    10. .......................................................................................................................................................... 191 .................................................................................................................... 191

    CWE ............ 192
    ............ 192
    ............ 192

    .................................................................................................... 194 ...................................................................................................................... 194 ......................................................................................... 194 ............................................................... 196................................................................................................................................. 197

    CAN-2001-1187 ............ 197
    CAN-2002-0652 ............ 197
    ............ 198
    ............ 198
    ............ 201


    ..................................................................................... 201 ...................................................................................................................... 202 ....................................................................................................................................... 202

    11. ............ 203
    ............ 203
    CWE ............ 204
    ............ 204
    ............ 204

    ............ 204
    ............ 204
    ............ 205
    ............ 206
    ............ 206
    C/C++ ............ 206
    C/C++ on Windows ............ 207
    ............ 208

    ...................................................................................................................... 208 ......................................................................................... 208 ............................................................... 208................................................................................................................................. 208

    CVE-2007-3798, tcpdump print-bgp.c ............ 208
    CVE-2004-0077, Linux do_mremap ............ 208

    ............ 209
    C/C++ ............ 209
    C/C++ in Microsoft Visual C++ ............ 209

    ...................................................................................................................... 210 ....................................................................................................................................... 210

    12. ............ 211
    ............ 211
    CWE ............ 212
    ............ 212

    ...................................................................................................................... 212 ........................................................................................................... 213 ......................................................................................................... 213 .................................................................................................... 214 ................................................................................... 214 ..................................................................................... 215 ....................................................................................... 215 ........................................................................................................ 216 ................................................................................... 216

    ............ 216
    C# ............ 218
    ............ 218

    ...................................................................................................................... 219 ......................................................................................... 219 ............................................................... 220

    ............................................................................ 220


    ............ 221
    CVE-2008-4638 ............ 221
    CVE-2005-1133 ............ 221

    ............ 221
    C# ............ 222
    ............ 223

    ............................................................................... 223 ...................................................................................................................... 224....................................................................................................................................... 225

    13. ............ 226
    CWE ............ 227
    ............ 227
    ............ 227

    ............................................................................................................................. 229 .................................................................................................... 230

    ...................................................................................................................... 230 ......................................................................................... 231 ............................................................... 232................................................................................................................................. 232

    CVE-2008-0379 ............ 232
    CVE-2008-2958 ............ 233
    CVE-2001-1349 ............ 233
    CAN-2003-1073 ............ 233
    CVE-2000-0849 ............ 233

    ............................................................................................................... 234 ............................................................................... 236 ...................................................................................................................... 236....................................................................................................................................... 236

    14. ............ 237
    ............ 237
    CWE ............ 238
    ............ 238
    ............ 238
    ............ 239
    ............ 240

    .................................................................................................... 241 ...................................................................................................................... 241 ......................................................................................... 241 ............................................................... 242

    ............ 242
    SSL/TLS ............ 242
    Internet Explorer 4.0 ............ 243

    ............ 244
    ............ 244
    ............ 244
    ............ 245
    ............ 246


    ................................................................................... 247 .................................................................... 248 ........................................................... 248

    ...................................................................................................................... 248....................................................................................................................................... 249

    15. ............ 250
    ............ 250
    CWE ............ 251
    ............ 251
    ............ 251

    ............ 251
    ............ 251
    ............ 252
    ............ 252
    ............ 252
    ............ 252
    ............ 252
    ............ 253
    ............ 253
    DNS ............ 253
    ............ 253
    ............ 253
    ............ 254
    ............ 254

    ...................................................................................................................... 254 ............................................................................... 255 ............................................................... 255................................................................................................................................. 255

    Apple QuickTime ............ 255
    Microsoft SQL Server 2000 ............ 256
    Google Chrome ............ 256

    ............ 256
    ............ 256
    ............ 256
    ............ 257
    ............ 257
    ............ 257
    ............ 257
    ............ 258
    ............ 258
    ............ 259
    DNS ............ 259
    ............ 259
    ............ 260
    ............ 260
    ............ 260

    ................................................................................ 261 ...................................................................................................................... 261....................................................................................................................................... 261


    16. ............................................................................ 262 .................................................................................................................... 262 CWE ........................................................................................................................ 263 ............................................................................................ 263............................................................................................................................ 263

    .................................................................................................... 264 ...................................................................................................................... 265 ......................................................................................... 265 ............................................................... 265................................................................................................................................. 266 ............................................................................................................... 266

    Windows, C++ ............ 267
    Linux, BSD and Mac OS X ............ 269
    .NET ............ 270

    ............................................................................... 270 ...................................................................................................................... 270....................................................................................................................................... 270

    17. ............ 271
    ............ 271
    CWE ............ 272
    ............ 272
    ............ 272

    ............ 272
    ACL in Windows ............ 273
    UNIX ............ 273
    ............ 274
    ............ 276

    ............................................................................ 276 .................................................................................................... 277

    ...................................................................................................................... 277 ......................................................................................... 278 ............................................................... 278................................................................................................................................. 279

    CVE-2000-0100 ............ 280
    CVE-2005-1411 ............ 280
    CVE-2004-0907 ............ 280

    ............ 280
    C++ on Windows ............ 281
    C# on Windows ............ 282
    C/C++ (GNOME) ............ 282

    ............................................................................... 283 ...................................................................................................................... 283....................................................................................................................................... 283

    18. ............ 284
    ............ 284
    CWE ............ 286
    ............


    ............................................................................................................................ 286 ............................................................................................................... 287 ..................................................................................... 287 .................................................................................................... 287

    ...................................................................................................................... 288 ......................................................................................... 288 ............................................................... 289................................................................................................................................. 289

    CVE-2006-2198 ............ 289
    CVE-2008-1472 ............ 290
    CVE-2008-5697 ............ 290

    ............................................................................................................... 290 ..................................................................................... 290 ............................................................................................................... 292

    ............................................................................... 292 ...................................................................................................................... 292....................................................................................................................................... 293

    III.

    19. ................................................................................................................................................................ 297 .................................................................................................................... 297 CWE ........................................................................................................................ 298 ............................................................................................ 298............................................................................................................................ 298

    (Remainder of the table of contents; extraction kept only page numbers and a few headings.)

    Chapter 19, continued (pp. 299–314): example sins in Microsoft Office, Adobe Acrobat, WU-ftpd, CVE-2005-1505, CVE-2005-0432, TENEX
    Chapter 20 (pp. 316–330): CWE references; example sins: TCP/IP, ODF, CVE-2008-0166 (Debian), Netscape; platform sections: Windows (C++), Windows TPM (Trusted Platform Module), .NET, UNIX, Java
    Chapter 21 (pp. 332–350): CWE references; code samples in VB.NET and C++, C# and C++, Ruby, C# and C++; example sins: XOR in Microsoft Office, the Adobe Acrobat and Microsoft Office KDF
    Part IV
    Chapter 22 (pp. 355–364): CWE references; example sins: TCP/IP, E*TRADE
    Chapter 23. PKI (SSL) (pp. 366–377): CWE references; example sins: CVE-2007-4680, CVE-2008-2420; PKI
    Chapter 24 (pp. 378–387): CWE references; example sins: CVE-2002-0676, CVE-1999-0024
    Index (p. 388)

    1. SQL Injection

    SQL( SQL injection) , , , . , , ; , SQL.

    . , SQL ( , !), , . , , .

    The database servers themselves listen on well-known ports, for example:

        TCP/1433   Microsoft SQL Server
        TCP/1521   Oracle
        TCP/523    IBM DB2
        TCP/3306   MySQL

    A perimeter firewall normally blocks these ports from the outside, but SQL injection does not need them: the attacker's input reaches the database through the application, over whatever port the application itself listens on!

    Beyond the direct loss of data, SQL injection exposes the organization to regulatory risk. Several regulations and standards bear on it:

    §9 of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) requires technical and organizational measures to protect personal data.

    Section 404 of the Sarbanes-Oxley Act of 2002 covers internal controls over the systems that hold financial data; a SQL injection flaw in such a system is a failure of those controls.

    Requirement 6.5.6 of the Payment Card Industry Data Security Standard (PCI DSS) refers to the OWASP guidance and names injection flaws, in particular SQL (Structured Query Language) injection, among the vulnerabilities that payment applications must be built to prevent.

    PCI DSS requirement 6.6 concerns public-facing web applications; SQL injection is exactly the kind of flaw the code review or protection it mandates is meant to catch.

    The Health Insurance Portability and Accountability Act (HIPAA) of 1996 likewise imposes obligations on anyone who stores health information, and a SQL injection flaw is one way to breach them.

    In short, a single SQL injection vulnerability can put an organization in violation of any of these regimes; the technical sin and the compliance failure are the same bug.

    CWE reference. CWE (Common Weakness Enumeration) is the MITRE catalog of weakness types. The CWE/SANS Top 25 most dangerous programming errors lists this sin as CWE-89: Failure to Preserve SQL Query Structure (SQL Injection).

    Affected languages. Any language that talks to a database can commit this sin! That includes Perl, Python, Ruby, Java, the server-side web languages (classic ASP, ASP.NET, JSP and the like), C# and VB.NET. It applies to C++ as well, for instance through database libraries such as FairCom c-tree or the Microsoft Foundation Classes. Whatever the language, the root cause is the same: a SQL statement assembled from untrusted input.

    , , , SQL . SQL.


    , , , . , !

    SQL, , , .

    LINQ. Microsoft .NET Framework 3.5 introduced LINQ (Language Integrated Query), a query syntax built into the language; LINQ to SQL translates it into SQL for the programmer. The translation emits parameterized SQL, so a value supplied at run time travels as a parameter and cannot change the statement's structure. For example, this LINQ query:

        var q =
            from c in db.Customers
            where c.City == "Austin"
            select c.ContactName;

    becomes the following SQL, with the value passed as parameter @p0 rather than pasted into the text:

        SELECT [t0].[ContactName]
        FROM [dbo].[Customers] AS [t0]
        WHERE [t0].[City] = @p0
        -- @p0: Input NVarChar (Size = 6; Prec = 0; Scale = 0) [Austin]

    The same sin in C#, using ADO.NET's SqlClient; Id arrives from the user and is pasted into the statement:

        using System.Data;
        using System.Data.SqlClient;
        ...
        string status = "";
        string ccnum = "None";
        string sqlstring = "";
        try {
            SqlConnection sql = new SqlConnection(@"data source=localhost;" +
                                                  "user id=sa;password=pAs$w0rd;");
            sql.Open();
            sqlstring = "SELECT ccnum" +
                        " FROM cust WHERE id=" + Id;       // Id is untrusted
            SqlCommand cmd = new SqlCommand(sqlstring, sql);
            ccnum = (string)cmd.ExecuteScalar();
        } catch (SqlException se) {
            status = sqlstring + " failed\n\r";
            foreach (SqlError e in se.Errors) {
                status += e.Message + "\n\r";
            }
        }

  • 41

    A variant that uses string replacement instead of concatenation is every bit as sinful:

        string sqlstring = "SELECT ccnum" +
                           " FROM cust WHERE id=%ID%";
        string sqlstring2 = sqlstring.Replace("%ID%", id);

    PHP , , : .


        # Tail of the Perl (DBI) example: the statement built from user input
        # has already been prepared and run through $sth->execute() above.
        # Dump the results
        while (@row = $sth->fetchrow_array) {
            print "@row";
        }
        $dbh->disconnect;
        print "";
        exit;

    Python. Python is a popular web language and, as this example shows, it is just as exposed to SQL injection as the others. Python has database modules for MySQL, Oracle and SQL Server, plus generic access through Microsoft's Open Database Connectivity (ODBC); they follow the Python DB-API. A MySQL example using MySQLdb:

        import MySQLdb
        conn = MySQLdb.connect(host="127.0.0.1", port=3306, user="admin",
                               passwd="N01WillGue$S", db="clientsDB")
        cursor = conn.cursor()
        cursor.execute("select * from customer where id=" + id)   # id is untrusted
        results = cursor.fetchall()
        conn.close()

    Ruby on Rails. Ruby is a web-oriented language, and Rails is its model-view-controller (MVC) framework. The sin looks like this:

        Post.find(:first, :conditions => ["title = #{params[:search_string]}"])

    The search string is interpolated straight into the condition!

    Note: a fix in Rails 2.1 closed a SQL injection in ActiveRecord's handling of the :limit and :offset options. On Rails older than 2.1, those options are injectable as well.

    Java. Here is the same flaw in Java, using JDBC:

        import java.sql.*;
        ...
        public static boolean doQuery(String Id) {
            Connection con = null;
            try {
                Class.forName("com.microsoft.jdbc.sqlserver.SQLServerDriver");
                con = DriverManager.getConnection("jdbc:microsoft:sqlserver:" +
                                                  "//localhost:1433", "sa", "$3cre+");
                Statement st = con.createStatement();
                ResultSet rs = st.executeQuery(
                    " SELECT ccnum FROM cust WHERE id=" + Id);   // Id is untrusted
                while (rs.next()) {
                    // Party on the query results
                }
                rs.close();
                st.close();
            } catch (SQLException e) {
                // OOPS!
                return false;
            } catch (ClassNotFoundException e2) {
                // Class not found
                return false;
            } finally {
                try {
                    if (con != null) con.close();
                } catch (SQLException e) {}
            }
            return true;
        }

    C/C++. C and C++ programs talk to databases less often than the languages above, but they are not exempt! Does the sin really affect C++? Consider this password-change function:

        int BuildPwdChange(const char* szUid,
                           const char* szOldPwd,
                           const char* szNewPwd,
                           _In_z_count_(cchSQL) char *szSQL,
                           DWORD cchSQL) {
            int ret = 0;

            if (!szUid || !szOldPwd || !szNewPwd)
                return ret;

            char* szEscapeUid    = (char*)malloc(strlen(szUid) * 2);
            char* szEscapeOldPwd = (char*)malloc(strlen(szOldPwd) * 2);
            char* szEscapeNewPwd = (char*)malloc(strlen(szNewPwd) * 2);

            if (szEscapeUid && szEscapeOldPwd && szEscapeNewPwd) {
                // Escape() returns a quote-escaped copy; the malloc'd buffers
                // are overwritten here and leak, but that is not the point.
                szEscapeUid    = Escape(szUid);
                szEscapeOldPwd = Escape(szOldPwd);
                szEscapeNewPwd = Escape(szNewPwd);

                sprintf_s(szSQL, cchSQL,
                          "update Users set pwd='%s' where uid='%s' AND pwd='%s'",
                          szEscapeNewPwd, szEscapeUid, szEscapeOldPwd);

                ret = 1;
            }

            if (szEscapeUid) free(szEscapeUid);
            if (szEscapeOldPwd) free(szEscapeOldPwd);
            if (szEscapeNewPwd) free(szEscapeNewPwd);

            return ret;
        }

    The escaping is fine as far as it goes; the problem is the formatting call, which cuts the SQL text off at the size of the buffer. Suppose szSQL is 100 bytes. An attacker who supplies a long enough user ID (UID) pushes the trailing "AND pwd='...'" clause past the end of the buffer, and it is simply dropped from the SQL! The statement that actually runs is:

        update Users set pwd='xyzzy' where uid='mikeh   '

    and user mikeh has a new password, set without the old one ever being checked.
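    To make the truncation concrete, here is an added Python simulation of BuildPwdChange (example code, not from the page): it escapes, formats and then cuts the statement to the buffer size the way the page describes, runs the result against a constructed SQLite Users table, and contrasts it with a builder that refuses oversized statements instead of shortening them. The page's statement ends in uid='mikeh ' with trailing padding, which works where the database ignores trailing blanks in string comparison (SQL Server does); SQLite compares exactly, so this example pads the new password instead, which the attacker controls anyway. The table contents, the 100-byte buffer and all names are assumptions.

```python
import sqlite3

CCH_SQL = 100  # size of the caller's szSQL buffer, as in the page's example

FORMAT = "update Users set pwd='%s' where uid='%s' AND pwd='%s'"

def escape(s):
    """Stand-in for the page's Escape(): double single quotes so a quote in
    the input stays inside its string literal."""
    return s.replace("'", "''")

def build_pwd_change_truncating(uid, old_pwd, new_pwd, cch=CCH_SQL):
    """Mirrors BuildPwdChange: escape each value, format, then cut the result
    to cch-1 characters, as a truncating printf into a cch-byte buffer does."""
    sql = FORMAT % (escape(new_pwd), escape(uid), escape(old_pwd))
    return sql[:cch - 1]

def build_pwd_change_checked(uid, old_pwd, new_pwd, cch=CCH_SQL):
    """The fix for the truncation defect: if the statement would not fit the
    buffer, refuse (return None) rather than hand back a shortened statement."""
    sql = FORMAT % (escape(new_pwd), escape(uid), escape(old_pwd))
    return None if len(sql) >= cch else sql

def fresh_users_db():
    """Constructed Users table; mikeh's real password is 's3cret'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (uid TEXT PRIMARY KEY, pwd TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)",
                     [("mikeh", "s3cret"), ("alice", "hunter2")])
    conn.commit()
    return conn

# Fixed text surrounding the attacker-chosen new password, for uid 'mikeh':
# "update Users set pwd='" (22) + new_pwd + "' where uid='" (13) + "mikeh" (5) + "'" (1)
FIXED_CHARS = 22 + 13 + len("mikeh") + 1   # = 41

def attacker_new_pwd(cch=CCH_SQL):
    """Pad the new password so the cut lands right after uid='mikeh' closes:
    FIXED_CHARS + len(new_pwd) == cch - 1."""
    return "x" * (cch - 1 - FIXED_CHARS)

def run_truncating_attack():
    """Change mikeh's password while supplying a wrong old password.
    Returns (statement actually executed, rows updated, stored password)."""
    conn = fresh_users_db()
    sql = build_pwd_change_truncating("mikeh", "wrong-guess", attacker_new_pwd())
    cur = conn.execute(sql)
    conn.commit()
    stored = conn.execute("SELECT pwd FROM Users WHERE uid='mikeh'").fetchone()[0]
    return sql, cur.rowcount, stored

def run_checked_attack():
    """Same input through the checked builder: no statement is produced."""
    return build_pwd_change_checked("mikeh", "wrong-guess", attacker_new_pwd())
```

    The lesson generalizes: any fixed-size buffer that a statement is formatted into is an injection point unless the formatting call's return value is checked for truncation; a rejected request is always better than a shortened one.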

    Stored procedures. It is widely believed that stored procedures protect against SQL injection. They do not, if the procedure builds and executes SQL itself! The blatant case:

        CREATE PROCEDURE dbo.doQuery(@query nchar(128))
        AS
            exec(@query)
        RETURN

    which runs whatever it is handed. More subtly:

        CREATE PROCEDURE dbo.doQuery(@id nchar(128))
        AS
            DECLARE @query nchar(256)
            SELECT @query = 'select ccnum from cust where id = ''' + @id + ''''
            EXEC @query
        RETURN

    Both assemble a statement from their argument and pass it to EXEC, so the injection simply moves from the application into the database.

    The concatenation operator differs by database (+ in SQL Server, || in Oracle and others, or functions such as CONCAT() and CONCATENATE()), but the sin is the same whichever one glues the user's data into the statement.

    Look at the examples again. In every one the value Id comes from the user, is never checked, and is pasted into the SQL text. The application assumes Id is a number, but nothing enforces that.

    That is the sin. Suppose the attacker submits, as Id, the text 1 or 2>1 -- so that the statement reaching the database is:

        SELECT ccnum FROM cust WHERE id=1 or 2>1 --

    Readers who live in bash will read 2>1 as a redirection of stderr; here it is nothing of the sort, just the condition "two is greater than one", which is always true. The WHERE clause therefore matches every row of cust, and the query returns every credit card number in the table. Attackers favor this over the classic 1=1 because intrusion detection systems (IDS) look for 1=1; any always-true expression (2>1 is just one) does the job equally well.

    The double dash (--) starts a comment, so the database discards the rest of the line, including anything the application appends after the injected value (MySQL uses # for the same purpose).

    In short, the attacker has changed the meaning of the statement, and with it the data the application hands back.
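    The attack above, carried out end to end as an added Python example (not code from the page): the same concatenated SELECT the page shows, run against a constructed SQLite cust table with the payload 1 or 2>1 --, beside the two defenses a practitioner wants to see in one place, a parameterized query and an allow-list check on the identifier. SQLite is used only because it runs offline; the table contents, column names and the nine-digit id limit are assumptions.

```python
import sqlite3

# Constructed sample rows standing in for the page's cust table.
SAMPLE_CUSTOMERS = [
    (1, "alice", "4111111111111111"),
    (2, "bob",   "5500000000000004"),
    (3, "carol", "340000000000009"),
]

def make_db():
    """In-memory SQLite database holding the cust(id, ccnum) table the page queries."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cust (id INTEGER PRIMARY KEY, name TEXT, ccnum TEXT)")
    conn.executemany("INSERT INTO cust VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    conn.commit()
    return conn

def get_ccnum_sinful(conn, raw_id):
    """The page's pattern: the untrusted Id is glued into the statement text.
    Returns (statement, card numbers) so the caller can see exactly what ran."""
    sqlstring = "SELECT ccnum FROM cust WHERE id=" + raw_id
    rows = conn.execute(sqlstring).fetchall()
    return sqlstring, [ccnum for (ccnum,) in rows]

def is_valid_customer_id(raw_id):
    """Allow-list check: a customer id is a short run of digits and nothing else."""
    return raw_id.isdigit() and len(raw_id) <= 9

def get_ccnum_safe(conn, raw_id):
    """Validate, then bind: the value is sent as a parameter and can never
    become part of the statement's structure, whatever it contains."""
    if not is_valid_customer_id(raw_id):
        return []
    cur = conn.execute("SELECT ccnum FROM cust WHERE id=?", (int(raw_id),))
    return [ccnum for (ccnum,) in cur.fetchall()]

def get_ccnum_bound_only(conn, raw_id):
    """Binding without the validation step: the injected text is compared as a
    value against the integer id column and matches nothing."""
    cur = conn.execute("SELECT ccnum FROM cust WHERE id=?", (raw_id,))
    return [ccnum for (ccnum,) in cur.fetchall()]

if __name__ == "__main__":
    db = make_db()
    payload = "1 or 2>1 --"
    stmt, leaked = get_ccnum_sinful(db, payload)
    print(stmt)                               # the page's statement, verbatim
    print(len(leaked))                        # every card number in the table
    print(get_ccnum_safe(db, payload))        # nothing
    print(get_ccnum_bound_only(db, payload))  # nothing
    print(get_ccnum_safe(db, "2"))            # bob's number only
```

    Binding alone already stops the injection; the allow-list check is kept because it rejects the request early with a clear error instead of silently returning an empty result, and because it protects code paths that cannot use parameters (dynamic table or column names, for instance).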

    Spotting the sin pattern. Any code that does all of the following is suspect: it takes data from an untrusted source; it does not validate that data; it uses the data to build a SQL statement; and it executes that statement against the database.


    : , , . , , , . , SQL , .

    . 17.

    , - , . SQL, , . 11.

    The sinful ways of building the statement are: string concatenation; string replacement; printf-style formatting; and stored procedures that exec a string assembled from their parameters (the EXEC examples above).

    Spotting the sin during code review. Look for code that takes user input, does not validate it, and builds SQL from it. Any SQL that is assembled at run time, in whole or in part, from data the user controls deserves a close look. The key words to search for, by language:

        Language                                      Key words to look for
        VB.NET                                        SqlClient, OracleClient, SqlDataAdapter
        C#                                            SqlClient, OracleClient, SqlDataAdapter
        PHP                                           mysql_connect
        Perl                                          DBI, Oracle, SQL
        Ruby                                          ActiveRecord
        Python (MySQL)                                MySQLdb
        Python (Oracle, see zope.org)                 DCOracle2
        Python (SQL Server, see object-craft.com.au)  pymssql
        Java (including JDBC)                         java.sql, sql
        Active Server Pages                           ADODB
        C++ (Microsoft Foundation Classes)            CDatabase
        C/C++ (MySQL)                                 #include of the MySQL client headers
        C/C++ (ODBC)                                  #include of the ODBC header
        C/C++ (ADO)                                   ADODB, #import msado15.dll
        SQL                                           exec, execute, sp_executesql
        ColdFusion                                    cfquery

    Remember that the data can reach the SQL statement through many paths, not only a web form: a SOAP message, for instance, is just as good a carrier for the attacker's payload. Trace every input that ends up in a statement, whatever the channel, and treat all of it as untrusted!

    , SQL. , . .

    Testing. Fuzzing is a cheap way to find this sin: feed random SQL into every input of the application and watch for database error messages, or for responses that are larger than any legitimate answer should be. The Perl script below does this against a web page, submitting a random city and zip code into which random SQL has been spliced:

        #!/usr/bin/perl
        use strict;
        use HTTP::Request::Common qw(POST GET);
        use HTTP::Headers;
        use LWP::UserAgent;

        srand time;

        # Pause when a suspicious response is found
        my $pause = 1;

        # URL to test
        my $url = 'http://mywebserver.xyzzy123.com/cgi-bin/post.cgi';

        # Largest response a legitimate reply should produce
        my $max_response = 1_000;

        # Valid cities
        my @cities = qw(Auckland Seattle London Portland Austin Manchester Redmond Brisbane Ndola);

        while (1) {
            # randomSQL() splices random SQL fragments into an otherwise valid value
            my $city = randomSQL($cities[rand @cities]);
            my $zip  = randomSQL(10_000 + int(rand 89999));

            pr
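    The same testing idea, as an added Python example rather than the page's script: a randomSQL-style mutator splices quote, comment and always-true fragments into valid city and zip values, a local stand-in for post.cgi concatenates them into a query over a constructed SQLite table, and each response is classified with the two signals the page relies on, a database error or a response larger than any legitimate answer. Running against a local function instead of a URL keeps it offline; the fragments, the table and the size limit are assumptions.

```python
import random
import sqlite3

# Fragments in the spirit of randomSQL(): quotes, comment markers and
# always-true conditions that break out of a string literal.
SQL_FRAGMENTS = ["'", "''", "' or 2>1 --", "' or 'a'='a", "; --",
                 "\" or 1=1 #", "') --"]

def random_sql(value, rng):
    """Return the value unchanged or with one random fragment spliced in."""
    frag = rng.choice(SQL_FRAGMENTS + [""])   # "" keeps some requests valid
    pos = rng.randint(0, len(value))
    return value[:pos] + frag + value[pos:]

def make_store():
    """Constructed stores table behind the stand-in CGI."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE stores (city TEXT, zip TEXT, manager TEXT)")
    conn.executemany("INSERT INTO stores VALUES (?, ?, ?)", [
        ("Seattle", "98101", "M. Howard"), ("Austin", "73301", "D. LeBlanc"),
        ("London", "SW1A", "J. Viega"), ("Redmond", "98052", "Anon"),
    ])
    conn.commit()
    return conn

def post_cgi(conn, city, zip_code):
    """Stand-in for post.cgi: concatenates both form fields into the query.
    Returns (status, body) the way an HTTP response would."""
    sql = ("SELECT manager FROM stores WHERE city='" + city +
           "' AND zip='" + zip_code + "'")
    try:
        rows = conn.execute(sql).fetchall()
    except sqlite3.Error as e:
        return 500, "SQL error: " + str(e)
    return 200, "\n".join(m for (m,) in rows)

def classify(status, body, max_response):
    """The two signals: the server reported an error, or the reply is larger
    than one city/zip lookup could legitimately produce."""
    if status != 200 or "SQL error" in body:
        return "error"
    if len(body) > max_response:
        return "oversized"
    return "ok"

def fuzz(n, seed=1, max_response=12):
    """Send n mutated requests; return the (verdict, city, zip) triples that
    were not 'ok'. max_response=12 fits one manager name, never several."""
    cities = ["Auckland", "Seattle", "London", "Portland", "Austin",
              "Manchester", "Redmond", "Brisbane", "Ndola"]
    rng = random.Random(seed)
    conn = make_store()
    findings = []
    for _ in range(n):
        city = random_sql(rng.choice(cities), rng)
        zip_code = random_sql(str(10_000 + rng.randint(0, 89999)), rng)
        status, body = post_cgi(conn, city, zip_code)
        verdict = classify(status, body, max_response)
        if verdict != "ok":
            findings.append((verdict, city, zip_code))
    return findings
```

    An oversized finding is the more valuable of the two: an error proves only that the input reached the parser, while a reply containing every manager proves the attacker controls the WHERE clause. Against a real target, swap post_cgi for an HTTP POST to the page's $url and keep the classifier as it is.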