Executive Summary
Summary | |
---|---|
Title | Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability |
Information | |||
---|---|---|---|
Name | VU#180065 | First vendor Publication | 2009-09-15 |
Vendor | VU-CERT | Last vendor Modification | 2009-09-15 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#180065
Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability

Overview
A vulnerability in the nginx web server may allow remote attackers to execute arbitrary code on an affected system.

I. Description
nginx is an HTTP server and mail proxy server that is available for a number of different platforms. A buffer underflow vulnerability exists in the ngx_http_parse_complex_uri() function when handling specially crafted URIs. Exploitation of this vulnerability would cause the nginx server to write data contained in the URI to heap memory before the allocated buffer.

II. Impact
As with a number of other web servers, nginx is designed to operate with a single privileged master process and multiple unprivileged worker processes handling specific requests. A remote, unauthenticated attacker may be able to execute arbitrary code in the context of the worker process or cause the worker process to crash, resulting in a denial of service.

III. Solution
Upgrade or apply a patch
Updated versions of the nginx package have been released to address this issue. Users should consult the Systems Affected section of this document for information about specific vendors.

References
Thanks to Chris Ries of the Carnegie Mellon University Information Security Office for reporting this vulnerability. This document was written by Chad R Dougherty.
Original Source
Url : http://www.kb.cert.org/vuls/id/180065 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13138 | |||
Oval ID: | oval:org.mitre.oval:def:13138 | ||
Title: | DSA-1884-1 nginx -- buffer underflow | ||
Description: | Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request. For the oldstable distribution, this problem has been fixed in version 0.4.13-2+etch2. For the stable distribution, this problem has been fixed in version 0.6.32-3+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 0.7.61-3. We recommend that you upgrade your nginx packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1884-1 CVE-2009-2629 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | nginx |
Definition Id: oval:org.mitre.oval:def:7674 | |||
Oval ID: | oval:org.mitre.oval:def:7674 | ||
Title: | DSA-1884 nginx -- buffer underflow | ||
Description: | Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process (www-data on Debian) or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1884 CVE-2009-2629 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | nginx |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-11-18 | Name : nginx HTTP Request Remote Buffer Overflow Vulnerability File : nvt/gb_nginx_http_request_bof_vuln.nasl |
2009-12-10 | Name : Fedora Core 12 FEDORA-2009-12750 (nginx) File : nvt/fcore_2009_12750.nasl |
2009-12-10 | Name : Fedora Core 10 FEDORA-2009-12775 (nginx) File : nvt/fcore_2009_12775.nasl |
2009-12-10 | Name : Fedora Core 11 FEDORA-2009-12782 (nginx) File : nvt/fcore_2009_12782.nasl |
2009-10-01 | Name : nginx HTTP Request Remote Buffer Overflow Vulnerability File : nvt/nginx_36384.nasl |
2009-09-21 | Name : Fedora Core 11 FEDORA-2009-9630 (nginx) File : nvt/fcore_2009_9630.nasl |
2009-09-21 | Name : Fedora Core 10 FEDORA-2009-9652 (nginx) File : nvt/fcore_2009_9652.nasl |
2009-09-21 | Name : Gentoo Security Advisory GLSA 200909-18 (nginx) File : nvt/glsa_200909_18.nasl |
2009-09-15 | Name : Debian Security Advisory DSA 1884-1 (nginx) File : nvt/deb_1884_1.nasl |
2009-09-15 | Name : FreeBSD Ports: nginx File : nvt/freebsd_nginx.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
58128 | nginx ngx_http_parse_complex_uri() Function Underflow The vulnerability is caused due to an error in the processing of URLs within the "ngx_http_parse_complex_uri()" function. This can be exploited to cause a buffer underflow via a specially crafted request and may allow execution of arbitrary code. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | nginx URI parsing buffer overflow attempt RuleID : 17528 - Revision : 10 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1884.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12750.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12775.nasl - Type : ACT_GATHER_INFO |
2009-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12782.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The web server on the remote host is affected by multiple vulnerabilities. File : nginx_http_request_buffer_overflow.nasl - Type : ACT_GATHER_INFO |
2009-09-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200909-18.nasl - Type : ACT_GATHER_INFO |
2009-09-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9630.nasl - Type : ACT_GATHER_INFO |
2009-09-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9652.nasl - Type : ACT_GATHER_INFO |
2009-09-15 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_152b27f0a15811de990ce5b1d4c882e0.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-05-26 13:24:11 |
|
2013-09-09 21:21:59 |
|