Vulnerabilities > CVE-2009-2629 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | nginx v0.6.38 Heap Corruption Exploit. CVE-2009-2629. Local exploit for linux platform |
| id | EDB-ID:14830 |
| last seen | 2016-02-01 |
| modified | 2010-08-29 |
| published | 2010-08-29 |
| reporter | Aaron Conole |
| source | https://www.exploit-db.com/download/14830/ |
| title | nginx 0.6.38 - Heap Corruption Exploit |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2009-12782.NASL description - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1 - update to 0.7.64 - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.63-1 - update to 0.7.63 - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.62-1 - update to 0.7.62 - fixes CVE-2009-2629 - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.61-1 - update to new stable 0.7.61 - remove third-party module Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43034 published 2009-12-08 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43034 title Fedora 11 : nginx-0.7.64-1.fc11 (2009-12782) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2009-12782. # include("compat.inc"); if (description) { script_id(43034); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:29"); script_cve_id("CVE-2009-2629", "CVE-2009-3555", "CVE-2009-3896"); script_bugtraq_id(36384, 36839, 36935); script_xref(name:"FEDORA", value:"2009-12782"); script_name(english:"Fedora 11 : nginx-0.7.64-1.fc11 (2009-12782)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1 - update to 0.7.64 - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.63-1 - update to 0.7.63 - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.62-1 - update to 0.7.62 - fixes CVE-2009-2629 - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.61-1 - update to new stable 0.7.61 - remove third-party module Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=539573" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032258.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?72595697" ); script_set_attribute(attribute:"solution", value:"Update the affected nginx package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(119, 310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nginx"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11"); script_set_attribute(attribute:"patch_publication_date", value:"2009/12/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC11", reference:"nginx-0.7.64-1.fc11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nginx"); }NASL family Fedora Local Security Checks NASL id FEDORA_2009-9630.NASL description - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.62-1 - update to 0.7.62 - fixes CVE-2009-2629 - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.61-1 - update to new stable 0.7.61 - remove third-party module Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40995 published 2009-09-16 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40995 title Fedora 11 : nginx-0.7.62-1.fc11 (2009-9630) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2009-9630. # include("compat.inc"); if (description) { script_id(40995); script_version ("1.19"); script_cvs_date("Date: 2019/08/02 13:32:30"); script_cve_id("CVE-2009-2629"); script_bugtraq_id(36384); script_xref(name:"FEDORA", value:"2009-9630"); script_name(english:"Fedora 11 : nginx-0.7.62-1.fc11 (2009-9630)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.62-1 - update to 0.7.62 - fixes CVE-2009-2629 - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.61-1 - update to new stable 0.7.61 - remove third-party module Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=523105" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-September/029236.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e3cd718a" ); script_set_attribute(attribute:"solution", value:"Update the affected nginx package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nginx"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11"); script_set_attribute(attribute:"patch_publication_date", value:"2009/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC11", reference:"nginx-0.7.62-1.fc11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nginx"); }NASL family Fedora Local Security Checks NASL id FEDORA_2009-12750.NASL description - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1 - Update to new stable 0.7.64 - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.63-1 - Update to new stable 0.7.63 - reinstate zlib dependency Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43032 published 2009-12-08 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43032 title Fedora 12 : nginx-0.7.64-1.fc12 (2009-12750) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2009-12750. # include("compat.inc"); if (description) { script_id(43032); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:29"); script_cve_id("CVE-2009-2629", "CVE-2009-3555", "CVE-2009-3896"); script_bugtraq_id(36384, 36839, 36935); script_xref(name:"FEDORA", value:"2009-12750"); script_name(english:"Fedora 12 : nginx-0.7.64-1.fc12 (2009-12750)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1 - Update to new stable 0.7.64 - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.63-1 - Update to new stable 0.7.63 - reinstate zlib dependency Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=539573" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032237.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?72850b86" ); script_set_attribute(attribute:"solution", value:"Update the affected nginx package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(119, 310); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nginx"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12"); script_set_attribute(attribute:"patch_publication_date", value:"2009/12/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC12", reference:"nginx-0.7.64-1.fc12")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nginx"); }NASL family Web Servers NASL id NGINX_HTTP_REQUEST_BUFFER_OVERFLOW.NASL description The remote web server is running nginx, a lightweight, high performance web server / reverse proxy and email (IMAP/POP3) proxy. According to its Server response header, the installed version of nginx is affected by multiple vulnerabilities : - A remote buffer overflow attack related to its parsing of complex URIs. - A remote denial of service attack related to its parsing of HTTP request headers. last seen 2020-05-09 modified 2009-09-24 plugin id 41608 published 2009-09-24 reporter This script is Copyright (C) 2009-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/41608 title nginx HTTP Request Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200909-18.NASL description The remote host is affected by the vulnerability described in GLSA-200909-18 (nginx: Remote execution of arbitrary code) Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. Impact : A remote attacker might send a specially crafted request URI to a nginx server, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the server, or a Denial of Service. NOTE: By default, nginx runs as the last seen 2020-06-01 modified 2020-06-02 plugin id 41022 published 2009-09-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41022 title GLSA-200909-18 : nginx: Remote execution of arbitrary code NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_152B27F0A15811DE990CE5B1D4C882E0.NASL description nginx development team reports : A segmentation fault might occur in worker process while specially crafted request handling. last seen 2020-06-01 modified 2020-06-02 plugin id 40978 published 2009-09-15 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40978 title FreeBSD : nginx -- remote denial of service vulnerability (152b27f0-a158-11de-990c-e5b1d4c882e0) NASL family Fedora Local Security Checks NASL id FEDORA_2009-12775.NASL description - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1 - update to 0.7.64 - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.63-1 - update to 0.7.63 - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.62-1 - update to 0.7.62 - fixes CVE-2009-2629 - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.61-1 - update to new stable 0.7.61 - remove third-party module - Sat Apr 11 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> 0.6.36-1 - update to 0.6.36 - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.35-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.35-2 - rebuild - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.35-1 - update to 0.6.35 - Sat Jan 17 2009 Tomas Mraz <tmraz at redhat.com> - 0.6.34-2 - rebuild with new openssl - Tue Dec 30 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.34-1 - update to 0.6.34 - Thu Dec 4 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 0.6.33-2 - Fix inclusion of /usr/share/nginx tree => no unowned directories. - Sun Nov 23 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.33-1 - update to 0.6.33 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43033 published 2009-12-08 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43033 title Fedora 10 : nginx-0.7.64-1.fc10 (2009-12775) NASL family Fedora Local Security Checks NASL id FEDORA_2009-9652.NASL description - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.62-1 - update to 0.7.62 - fixes CVE-2009-2629 - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.61-1 - update to new stable 0.7.61 - remove third-party module - Sat Apr 11 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> 0.6.36-1 - update to 0.6.36 - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.35-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.35-2 - rebuild - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.35-1 - update to 0.6.35 - Sat Jan 17 2009 Tomas Mraz <tmraz at redhat.com> - 0.6.34-2 - rebuild with new openssl - Tue Dec 30 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.34-1 - update to 0.6.34 - Thu Dec 4 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 0.6.33-2 - Fix inclusion of /usr/share/nginx tree => no unowned directories. - Sun Nov 23 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.33-1 - update to 0.6.33 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40996 published 2009-09-16 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40996 title Fedora 10 : nginx-0.7.62-1.fc10 (2009-9652) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1884.NASL description Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process (www-data on Debian) or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request. last seen 2020-06-01 modified 2020-06-02 plugin id 44749 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44749 title Debian DSA-1884-1 : nginx - buffer underflow
Seebug
| bulletinFamily | exploit |
| description | Bugraq ID: 36384 CVE ID:CVE-2009-2629 nginx是一款高性能的HTTP 和反向代理服务器。 nginx处理特殊构建的URIs存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序程序执行任意指令。 当处理特殊构建的URIs时ngx_http_parse_complex_uri()函数存在缓冲区下溢错误,可导致nginx服务器把URI中的数据在分配缓冲区前就写入到堆内存中,可导致以服务进程权限执行任意指令。 Igor Sysoev nginx 0.8.14 Igor Sysoev nginx 0.7.61 Igor Sysoev nginx 0.6.38 Igor Sysoev nginx 0.5.37 厂商解决方案 Debian linux用户可升级到如下版本: Debian Linux 4.0 ia-32 Debian nginx_0.4.13-2+etch2_i386.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_i386.deb Debian Linux 5.0 hppa Debian nginx_0.6.32-3+lenny2_hppa.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_hppa.deb Debian Linux 5.0 ia-64 Debian nginx_0.6.32-3+lenny2_ia64.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_ia64.deb Debian Linux 4.0 hppa Debian nginx_0.4.13-2+etch2_hppa.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_hppa.deb Debian Linux 4.0 sparc Debian nginx_0.4.13-2+etch2_sparc.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_sparc.deb Debian Linux 4.0 s/390 Debian nginx_0.4.13-2+etch2_s390.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_s390.deb Debian Linux 5.0 arm Debian nginx_0.6.32-3+lenny2_arm.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_arm.deb Debian Linux 4.0 powerpc Debian nginx_0.4.13-2+etch2_powerpc.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_powerpc.deb Debian Linux 4.0 mipsel Debian nginx_0.4.13-2+etch2_mipsel.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_mipsel.deb Debian Linux 5.0 alpha Debian nginx_0.6.32-3+lenny2_alpha.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_alpha.deb Debian Linux 5.0 amd64 Debian nginx_0.6.32-3+lenny2_amd64.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_amd64.deb Debian Linux 5.0 ia-32 Debian nginx_0.6.32-3+lenny2_i386.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_i386.deb Debian Linux 5.0 mips Debian nginx_0.6.32-3+lenny2_mips.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_mips.deb Debian Linux 5.0 mipsel Debian nginx_0.6.32-3+lenny2_mipsel.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_mipsel.deb Debian Linux 5.0 powerpc Debian nginx_0.6.32-3+lenny2_powerpc.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_powerpc.deb Debian Linux 4.0 ia-64 Debian nginx_0.4.13-2+etch2_ia64.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_ia64.deb Debian Linux 4.0 mips Debian nginx_0.4.13-2+etch2_mips.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_mips.deb Debian Linux 5.0 sparc Debian nginx_0.6.32-3+lenny2_sparc.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_sparc.deb |
| id | SSV:12337 |
| last seen | 2017-11-19 |
| modified | 2009-09-18 |
| published | 2009-09-18 |
| reporter | Root |
| title | nginx HTTP请求远程缓冲区溢出漏洞 |
References
- http://nginx.net/CHANGES-0.6
- http://nginx.net/CHANGES-0.7
- http://www.debian.org/security/2009/dsa-1884
- http://nginx.net/CHANGES-0.5
- http://www.kb.cert.org/vuls/id/180065
- http://sysoev.ru/nginx/patch.180065.txt
- http://nginx.net/CHANGES
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html