GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Fri Sep 18, 2009 8:26 pm Post subject: [ GLSA 200909-18 ] nginx: Remote execution of arbitrary code
Gentoo Linux Security Advisory
Title: nginx: Remote execution of arbitrary code (GLSA 200909-18)
Severity: high
Exploitable: remote
Date: September 18, 2009
Bug(s): #285162
ID: 200909-18
Synopsis
A buffer underflow vulnerability in the request URI processing of nginx
might enable remote attackers to execute arbitrary code or cause a Denial
of Service.
Background
nginx is a robust, small and high-performance HTTP and reverse proxy
server.
Affected Packages
Package: www-servers/nginx
Vulnerable: < 0.7.62
Unaffected: >= 0.5.38 < 0.5.39
Unaffected: >= 0.6.39 < 0.6.40
Unaffected: >= 0.7.62
Architectures: All supported architectures
Description
Chris Ries reported a heap-based buffer underflow in the
ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when
parsing the request URI.
Impact
A remote attacker might send a specially crafted request URI to an nginx
server, possibly resulting in the remote execution of arbitrary code
with the privileges of the user running the server, or a Denial of
Service. NOTE: By default, nginx runs as the "nginx" user.
Workaround
There is no known workaround at this time.
Resolution
All nginx 0.5.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-0.5.38"
All nginx 0.6.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-0.6.39"
All nginx 0.7.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-0.7.62"
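A defender-side check built from the Affected Packages ranges above, added here as an example that is not part of the advisory or of nginx itself: it classifies an installed nginx version string against the Vulnerable and Unaffected ranges of GLSA 200909-18. It assumes plain MAJOR.MINOR.PATCH versions (optionally with a Gentoo "-rN" revision suffix); the helper names and the sample version list are constructed for this example.

```shell
# Added example (not from the advisory or nginx): classify an nginx version
# against the Vulnerable/Unaffected ranges of GLSA 200909-18 (CVE-2009-2629).
# Assumes MAJOR.MINOR.PATCH versions, optionally with a Gentoo "-rN" suffix.

# Print "MAJOR MINOR PATCH" for a dotted version; missing parts default to 0.
split_version() {
    sv=$1
    major=${sv%%.*}; rest=${sv#"$major"}; rest=${rest#.}
    minor=${rest%%.*}; rest=${rest#"$minor"}; rest=${rest#.}
    patch=${rest%%.*}
    echo "${major:-0} ${minor:-0} ${patch:-0}"
}

# True (exit 0) if version $1 is strictly lower than version $2.
version_lt() {
    set -- $(split_version "$1") $(split_version "$2")
    if [ "$1" -lt "$4" ]; then return 0; fi
    if [ "$1" -gt "$4" ]; then return 1; fi
    if [ "$2" -lt "$5" ]; then return 0; fi
    if [ "$2" -gt "$5" ]; then return 1; fi
    if [ "$3" -lt "$6" ]; then return 0; fi
    return 1
}

# True if $2 <= $1 < $3, the shape of the advisory's "Unaffected" lines.
version_in() {
    if version_lt "$1" "$2"; then return 1; fi
    version_lt "$1" "$3"
}

# True if the version is in the advisory's vulnerable set: below 0.7.62
# and outside the 0.5.38 and 0.6.39 backport ranges listed as unaffected.
nginx_glsa_200909_18_vulnerable() {
    ver=${1%%-*}   # drop a Gentoo revision suffix such as "-r1"
    if ! version_lt "$ver" 0.7.62; then return 1; fi
    if version_in "$ver" 0.5.38 0.5.39; then return 1; fi
    if version_in "$ver" 0.6.39 0.6.40; then return 1; fi
    return 0
}

# Constructed sample versions; on a real host feed the output of
# "nginx -v 2>&1" with its "nginx version: nginx/" prefix removed.
for sample in 0.5.37 0.5.38 0.6.38 0.6.39-r1 0.7.61 0.7.62 0.8.15; do
    nginx_glsa_200909_18_vulnerable "$sample" && s=vulnerable || s="not affected"
    echo "nginx-$sample: $s"
done
```

Note that 0.6.40 and 0.5.39 are reported as vulnerable because the advisory's Unaffected ranges stop before them; that mirrors the advisory text rather than upstream's later release history.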
References
CVE-2009-2629
Last edited by GLSA on Sun Nov 22, 2009 4:29 am; edited 1 time in total