Vulnerabilities > CVE-2009-2629 - Out-Of-Bounds Write vulnerability in multiple products

CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
nginx
debian
fedoraproject
CWE-787
nessus
exploit available

Summary

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.

Vulnerable Configurations

Part Description Count
Application
Nginx
284
OS
Debian
3
OS
Fedoraproject
3

Common Weakness Enumeration (CWE)

Exploit-Db

description: nginx v0.6.38 Heap Corruption Exploit. CVE-2009-2629. Local exploit for linux platform
id: EDB-ID:14830
last seen: 2016-02-01
modified: 2010-08-29
published: 2010-08-29
reporter: Aaron Conole
source: https://www.exploit-db.com/download/14830/
title: nginx 0.6.38 - Heap Corruption Exploit

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-12782.NASL
    description: - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1 - update to 0.7.64 - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.63-1 - update to 0.7.63 - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.62-1 - update to 0.7.62 - fixes CVE-2009-2629 - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.61-1 - update to new stable 0.7.61 - remove third-party module Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43034
    published: 2009-12-08
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43034
    title: Fedora 11 : nginx-0.7.64-1.fc11 (2009-12782)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-12782.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is true this block declares the
    # plugin's metadata and then calls exit(0), so the package-check code that
    # follows it does not run in that pass.
    if (description)
    {
      script_id(43034);
      script_version("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:29");
    
      # One plugin, three CVEs: a finding from this plugin is tied to the package
      # version, not to any single one of these CVEs being confirmed on the host.
      script_cve_id("CVE-2009-2629", "CVE-2009-3555", "CVE-2009-3896");
      script_bugtraq_id(36384, 36839, 36935);
      script_xref(name:"FEDORA", value:"2009-12782");
    
      script_name(english:"Fedora 11 : nginx-0.7.64-1.fc11 (2009-12782)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The description is the package changelog copied from the Fedora advisory;
      # the 0.7.62-1 entry is the one that names CVE-2009-2629.
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner
        dot org> - 0.7.64-1
    
        - update to 0.7.64
    
        - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at
          hinegardner dot org> - 0.7.63-1
    
        - update to 0.7.63
    
        - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at
          hinegardner dot org> - 0.7.62-1
    
        - update to 0.7.62
    
        - fixes CVE-2009-2629
    
        - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at
          hinegardner dot org> - 0.7.61-1
    
        - update to new stable 0.7.61
    
        - remove third-party module
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=539573"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032258.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?72595697"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected nginx package.");
      # CVSS v2 base vector: network-reachable, low complexity, no authentication,
      # partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: proof-of-concept exploit code (E:POC), official
      # fix available (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      # Exploit-availability flags; relevant when prioritising this update.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      # CWE ids registered for the plugin as a whole. 119 is the general
      # memory-buffer bounds class; 310 is the cryptographic-issues category.
      # NOTE(review): 310 presumably belongs to one of the other CVEs listed
      # above rather than to CVE-2009-2629 - confirm.
      script_cwe_id(119, 310);
    
      # Declared as a local check: it depends on package data gathered from the
      # host (see the required KB keys below).
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nginx");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/12/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # ssh_get_info.nasl is declared as a dependency; presumably it is what
      # fills the Host/* KB entries required here - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Local package check for Fedora 11. Every input is a knowledge-base (KB)
    # entry read with get_kb_item(); the visible code never contacts the nginx
    # service, so the verdict reflects package data, not the running binary.
    # audit() comes from audit.inc (not shown); presumably it records the reason
    # and stops the plugin - confirm.

    # Local checks must be enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The release string must exist and mention Fedora
    # (>!< means "is not a substring of").
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }

    # Extract the major release number. os_ver first holds the match array and
    # is then narrowed to its first capture group.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    os_ver = os_ver[1];

    # This advisory covers Fedora 11 only.
    if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);
    }

    # Without the collected RPM list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Architecture gate: only x86_64 and i386..i686 are handled. Any other CPU is
    # audited out as "local checks not implemented" - such hosts are left
    # unassessed, not reported as patched.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    }

    # flag counts package checks that came back true. rpm_check() lives in
    # rpm.inc (not shown); presumably it is true when an installed nginx package
    # is older than the reference build - confirm.
    flag = 0;
    if (rpm_check(release:"FC11", reference:"nginx-0.7.64-1.fc11"))
    {
      flag++;
    }

    if (!flag)
    {
      # Nothing flagged: distinguish "package tested and not affected" from
      # "nginx package not installed at all".
      # NOTE(review): a copy of nginx installed outside RPM would presumably not
      # be seen by this check.
      tested = pkg_tests_get();
      if (tested)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "nginx");
      }
    }
    else
    {
      # Report on port 0; the package detail is attached only when
      # report_verbosity is above 0.
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:rpm_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-9630.NASL
    description: - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.62-1 - update to 0.7.62 - fixes CVE-2009-2629 - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.61-1 - update to new stable 0.7.61 - remove third-party module Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40995
    published: 2009-09-16
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40995
    title: Fedora 11 : nginx-0.7.62-1.fc11 (2009-9630)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-9630.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is true this block declares the
    # plugin's metadata and then calls exit(0), so the package-check code that
    # follows it does not run in that pass.
    if (description)
    {
      script_id(40995);
      script_version ("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:30");
    
      # This plugin is registered for CVE-2009-2629 only.
      script_cve_id("CVE-2009-2629");
      script_bugtraq_id(36384);
      script_xref(name:"FEDORA", value:"2009-9630");
    
      script_name(english:"Fedora 11 : nginx-0.7.62-1.fc11 (2009-9630)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The description is the package changelog copied from the Fedora advisory;
      # the 0.7.62-1 entry is the one that names CVE-2009-2629.
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at
        hinegardner dot org> - 0.7.62-1
    
        - update to 0.7.62
    
        - fixes CVE-2009-2629
    
        - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at
          hinegardner dot org> - 0.7.61-1
    
        - update to new stable 0.7.61
    
        - remove third-party module
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=523105"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-September/029236.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e3cd718a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected nginx package.");
      # CVSS v2 base vector: network-reachable, low complexity, no authentication,
      # partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: proof-of-concept exploit code (E:POC), official
      # fix available (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      # Exploit-availability flags; relevant when prioritising this update.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      # CWE-119 is the general memory-buffer bounds class; CWE-787 (out-of-bounds
      # write) is a more specific member of it.
      script_cwe_id(119);
    
      # Declared as a local check: it depends on package data gathered from the
      # host (see the required KB keys below).
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nginx");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/09/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # ssh_get_info.nasl is declared as a dependency; presumably it is what
      # fills the Host/* KB entries required here - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Local package check for Fedora 11. Every input is a knowledge-base (KB)
    # entry read with get_kb_item(); the visible code never contacts the nginx
    # service, so the verdict reflects package data, not the running binary.
    # audit() comes from audit.inc (not shown); presumably it records the reason
    # and stops the plugin - confirm.

    # Local checks must be enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The release string must exist and mention Fedora
    # (>!< means "is not a substring of").
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }

    # Extract the major release number. os_ver first holds the match array and
    # is then narrowed to its first capture group.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    os_ver = os_ver[1];

    # This advisory covers Fedora 11 only.
    if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);
    }

    # Without the collected RPM list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Architecture gate: only x86_64 and i386..i686 are handled. Any other CPU is
    # audited out as "local checks not implemented" - such hosts are left
    # unassessed, not reported as patched.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    }

    # flag counts package checks that came back true. rpm_check() lives in
    # rpm.inc (not shown); presumably it is true when an installed nginx package
    # is older than the reference build - confirm. The reference here is
    # 0.7.62-1, the build whose changelog entry names CVE-2009-2629.
    flag = 0;
    if (rpm_check(release:"FC11", reference:"nginx-0.7.62-1.fc11"))
    {
      flag++;
    }

    if (!flag)
    {
      # Nothing flagged: distinguish "package tested and not affected" from
      # "nginx package not installed at all".
      # NOTE(review): a copy of nginx installed outside RPM would presumably not
      # be seen by this check.
      tested = pkg_tests_get();
      if (tested)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "nginx");
      }
    }
    else
    {
      # Report on port 0; the package detail is attached only when
      # report_verbosity is above 0.
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:rpm_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-12750.NASL
    description: - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1 - Update to new stable 0.7.64 - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.63-1 - Update to new stable 0.7.63 - reinstate zlib dependency Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43032
    published: 2009-12-08
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/43032
    title: Fedora 12 : nginx-0.7.64-1.fc12 (2009-12750)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-12750.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is true this block declares the
    # plugin's metadata and then calls exit(0), so the package-check code that
    # follows it does not run in that pass.
    if (description)
    {
      script_id(43032);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:29");
    
      # One plugin, three CVEs: a finding from this plugin is tied to the package
      # version, not to any single one of these CVEs being confirmed on the host.
      script_cve_id("CVE-2009-2629", "CVE-2009-3555", "CVE-2009-3896");
      script_bugtraq_id(36384, 36839, 36935);
      script_xref(name:"FEDORA", value:"2009-12750");
    
      script_name(english:"Fedora 12 : nginx-0.7.64-1.fc12 (2009-12750)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # NOTE(review): the changelog text below does not name CVE-2009-2629; in
      # this plugin the link to that CVE comes from script_cve_id() only -
      # confirm against the Fedora advisory.
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner
        dot org> - 0.7.64-1
    
        - Update to new stable 0.7.64
    
        - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at
          hinegardner dot org> - 0.7.63-1
    
        - Update to new stable 0.7.63
    
        - reinstate zlib dependency
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=539573"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032237.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?72850b86"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected nginx package.");
      # CVSS v2 base vector: network-reachable, low complexity, no authentication,
      # partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: proof-of-concept exploit code (E:POC), official
      # fix available (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      # Exploit-availability flags; relevant when prioritising this update.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      # CWE ids registered for the plugin as a whole. 119 is the general
      # memory-buffer bounds class; 310 is the cryptographic-issues category.
      # NOTE(review): 310 presumably belongs to one of the other CVEs listed
      # above rather than to CVE-2009-2629 - confirm.
      script_cwe_id(119, 310);
    
      # Declared as a local check: it depends on package data gathered from the
      # host (see the required KB keys below).
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nginx");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/12/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # ssh_get_info.nasl is declared as a dependency; presumably it is what
      # fills the Host/* KB entries required here - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Local package check for Fedora 12. Every input is a knowledge-base (KB)
    # entry read with get_kb_item(); the visible code never contacts the nginx
    # service, so the verdict reflects package data, not the running binary.
    # audit() comes from audit.inc (not shown); presumably it records the reason
    # and stops the plugin - confirm.

    # Local checks must be enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The release string must exist and mention Fedora
    # (>!< means "is not a substring of").
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }

    # Extract the major release number. os_ver first holds the match array and
    # is then narrowed to its first capture group.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    os_ver = os_ver[1];

    # This advisory covers Fedora 12 only.
    if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver);
    }

    # Without the collected RPM list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Architecture gate: only x86_64 and i386..i686 are handled. Any other CPU is
    # audited out as "local checks not implemented" - such hosts are left
    # unassessed, not reported as patched.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    }

    # flag counts package checks that came back true. rpm_check() lives in
    # rpm.inc (not shown); presumably it is true when an installed nginx package
    # is older than the reference build - confirm.
    flag = 0;
    if (rpm_check(release:"FC12", reference:"nginx-0.7.64-1.fc12"))
    {
      flag++;
    }

    if (!flag)
    {
      # Nothing flagged: distinguish "package tested and not affected" from
      # "nginx package not installed at all".
      # NOTE(review): a copy of nginx installed outside RPM would presumably not
      # be seen by this check.
      tested = pkg_tests_get();
      if (tested)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "nginx");
      }
    }
    else
    {
      # Report on port 0; the package detail is attached only when
      # report_verbosity is above 0.
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:rpm_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL family: Web Servers
    NASL id: NGINX_HTTP_REQUEST_BUFFER_OVERFLOW.NASL
    description: The remote web server is running nginx, a lightweight, high performance web server / reverse proxy and email (IMAP/POP3) proxy. According to its Server response header, the installed version of nginx is affected by multiple vulnerabilities : - A remote buffer overflow attack related to its parsing of complex URIs. - A remote denial of service attack related to its parsing of HTTP request headers.
    last seen: 2020-05-09
    modified: 2009-09-24
    plugin id: 41608
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/41608
    title: nginx HTTP Request Multiple Vulnerabilities
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200909-18.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200909-18 (nginx: Remote execution of arbitrary code) Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. Impact : A remote attacker might send a specially crafted request URI to a nginx server, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the server, or a Denial of Service. NOTE: By default, nginx runs as the [… description truncated in this listing]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41022
    published: 2009-09-21
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41022
    title: GLSA-200909-18 : nginx: Remote execution of arbitrary code
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_152B27F0A15811DE990CE5B1D4C882E0.NASL
    description: nginx development team reports : A segmentation fault might occur in worker process while specially crafted request handling.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40978
    published: 2009-09-15
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/40978
    title: FreeBSD : nginx -- remote denial of service vulnerability (152b27f0-a158-11de-990c-e5b1d4c882e0)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-12775.NASL
    description - Fri Dec 4 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.64-1 - update to 0.7.64 - Thu Oct 29 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.63-1 - update to 0.7.63 - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.62-1 - update to 0.7.62 - fixes CVE-2009-2629 - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.61-1 - update to new stable 0.7.61 - remove third-party module - Sat Apr 11 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> 0.6.36-1 - update to 0.6.36 - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.35-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.35-2 - rebuild - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.35-1 - update to 0.6.35 - Sat Jan 17 2009 Tomas Mraz <tmraz at redhat.com> - 0.6.34-2 - rebuild with new openssl - Tue Dec 30 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.34-1 - update to 0.6.34 - Thu Dec 4 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 0.6.33-2 - Fix inclusion of /usr/share/nginx tree => no unowned directories. - Sun Nov 23 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.33-1 - update to 0.6.33 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43033
    published2009-12-08
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43033
    titleFedora 10 : nginx-0.7.64-1.fc10 (2009-12775)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-9652.NASL
    description - Mon Sep 14 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.62-1 - update to 0.7.62 - fixes CVE-2009-2629 - Sun Aug 2 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.7.61-1 - update to new stable 0.7.61 - remove third-party module - Sat Apr 11 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> 0.6.36-1 - update to 0.6.36 - Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.35-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.35-2 - rebuild - Thu Feb 19 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.35-1 - update to 0.6.35 - Sat Jan 17 2009 Tomas Mraz <tmraz at redhat.com> - 0.6.34-2 - rebuild with new openssl - Tue Dec 30 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.34-1 - update to 0.6.34 - Thu Dec 4 2008 Michael Schwendt <mschwendt at fedoraproject.org> - 0.6.33-2 - Fix inclusion of /usr/share/nginx tree => no unowned directories. - Sun Nov 23 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 0.6.33-1 - update to 0.6.33 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40996
    published2009-09-16
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40996
    titleFedora 10 : nginx-0.7.62-1.fc10 (2009-9652)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1884.NASL
    description: Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process (www-data on Debian) or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44749
    published: 2010-02-24
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44749
    title: Debian DSA-1884-1 : nginx - buffer underflow

Seebug

bulletinFamily: exploit
descriptionBugraq ID: 36384 CVE ID:CVE-2009-2629 nginx是一款高性能的HTTP 和反向代理服务器。 nginx处理特殊构建的URIs存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序程序执行任意指令。 当处理特殊构建的URIs时ngx_http_parse_complex_uri()函数存在缓冲区下溢错误,可导致nginx服务器把URI中的数据在分配缓冲区前就写入到堆内存中,可导致以服务进程权限执行任意指令。 Igor Sysoev nginx 0.8.14 Igor Sysoev nginx 0.7.61 Igor Sysoev nginx 0.6.38 Igor Sysoev nginx 0.5.37 厂商解决方案 Debian linux用户可升级到如下版本: Debian Linux 4.0 ia-32 Debian nginx_0.4.13-2+etch2_i386.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_i386.deb Debian Linux 5.0 hppa Debian nginx_0.6.32-3+lenny2_hppa.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_hppa.deb Debian Linux 5.0 ia-64 Debian nginx_0.6.32-3+lenny2_ia64.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_ia64.deb Debian Linux 4.0 hppa Debian nginx_0.4.13-2+etch2_hppa.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_hppa.deb Debian Linux 4.0 sparc Debian nginx_0.4.13-2+etch2_sparc.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_sparc.deb Debian Linux 4.0 s/390 Debian nginx_0.4.13-2+etch2_s390.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_s390.deb Debian Linux 5.0 arm Debian nginx_0.6.32-3+lenny2_arm.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_arm.deb Debian Linux 4.0 powerpc Debian nginx_0.4.13-2+etch2_powerpc.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_powerpc.deb Debian Linux 4.0 mipsel Debian nginx_0.4.13-2+etch2_mipsel.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_mipsel.deb Debian Linux 5.0 alpha Debian nginx_0.6.32-3+lenny2_alpha.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_alpha.deb Debian Linux 5.0 amd64 Debian nginx_0.6.32-3+lenny2_amd64.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_amd64.deb Debian Linux 5.0 ia-32 Debian 
nginx_0.6.32-3+lenny2_i386.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_i386.deb Debian Linux 5.0 mips Debian nginx_0.6.32-3+lenny2_mips.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_mips.deb Debian Linux 5.0 mipsel Debian nginx_0.6.32-3+lenny2_mipsel.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_mipsel.deb Debian Linux 5.0 powerpc Debian nginx_0.6.32-3+lenny2_powerpc.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_powerpc.deb Debian Linux 4.0 ia-64 Debian nginx_0.4.13-2+etch2_ia64.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_ia64.deb Debian Linux 4.0 mips Debian nginx_0.4.13-2+etch2_mips.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_mips.deb Debian Linux 5.0 sparc Debian nginx_0.6.32-3+lenny2_sparc.deb http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_sparc.deb
id: SSV:12337
last seen: 2017-11-19
modified: 2009-09-18
published: 2009-09-18
reporter: Root
title: nginx HTTP请求远程缓冲区溢出漏洞