Bugraq ID: 36384
CVE ID:CVE-2009-2629
CNCVE ID:CNCVE-20092629
漏洞消息时间:2009-09-15
漏洞起因
边界条件错误
影响系统
Igor Sysoev nginx 0.8.14
Igor Sysoev nginx 0.7.61
Igor Sysoev nginx 0.6.38
Igor Sysoev nginx 0.5.37
不受影响系统
Igor Sysoev nginx 0.8.15
Igor Sysoev nginx 0.7.62
Igor Sysoev nginx 0.6.39
Igor Sysoev nginx 0.5.38
危害
远程攻击者可以利用漏洞以应用程序程序执行任意指令。
攻击所需条件
攻击者必须访问nginx。
漏洞信息
nginx是一款高性能的HTTP 和反向代理服务器。
nginx处理特殊构建的URIs存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序程序执行任意指令。
当处理特殊构建的URIs时ngx_http_parse_complex_uri()函数存在缓冲区下溢错误,可导致nginx服务器把URI中的数据在分配缓冲区前就写入到堆内存中,可导致以服务进程权限执行任意指令。
测试方法
厂商解决方案
Debian linux用户可升级到如下版本:
Debian Linux 4.0 ia-32
Debian nginx_0.4.13-2+etch2_i386.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_i386.deb
Debian Linux 5.0 hppa
Debian nginx_0.6.32-3+lenny2_hppa.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_hppa.deb
Debian Linux 5.0 ia-64
Debian nginx_0.6.32-3+lenny2_ia64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_ia64.deb
Debian Linux 4.0 hppa
Debian nginx_0.4.13-2+etch2_hppa.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_hppa.deb
Debian Linux 4.0 sparc
Debian nginx_0.4.13-2+etch2_sparc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_sparc.deb
Debian Linux 4.0 s/390
Debian nginx_0.4.13-2+etch2_s390.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_s390.deb
Debian Linux 5.0 arm
Debian nginx_0.6.32-3+lenny2_arm.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_arm.deb
Debian Linux 4.0 powerpc
Debian nginx_0.4.13-2+etch2_powerpc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_powerpc.deb
Debian Linux 4.0 mipsel
Debian nginx_0.4.13-2+etch2_mipsel.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_mipsel.deb
Debian Linux 5.0 alpha
Debian nginx_0.6.32-3+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_alpha.deb
Debian Linux 5.0 amd64
Debian nginx_0.6.32-3+lenny2_amd64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_amd64.deb
Debian Linux 5.0 ia-32
Debian nginx_0.6.32-3+lenny2_i386.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_i386.deb
Debian Linux 5.0 mips
Debian nginx_0.6.32-3+lenny2_mips.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_mips.deb
Debian Linux 5.0 mipsel
Debian nginx_0.6.32-3+lenny2_mipsel.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_mipsel.deb
Debian Linux 5.0 powerpc
Debian nginx_0.6.32-3+lenny2_powerpc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_powerpc.deb
Debian Linux 4.0 ia-64
Debian nginx_0.4.13-2+etch2_ia64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_ia64.deb
Debian Linux 4.0 mips
Debian nginx_0.4.13-2+etch2_mips.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_mips.deb
Debian Linux 5.0 sparc
Debian nginx_0.6.32-3+lenny2_sparc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_sparc.deb
漏洞提供者
Chris Ries
漏洞消息链接
http://www.kb.cert.org/vuls/id/180065
漏洞消息标题
Vulnerability Note VU#180065
Nginx ngx_http_parse_complex_uri() buffer underflow vulnerabilityLinux Kernel find_ie()函数远程拒绝服务漏洞Linux Kernel perf_counter_open()函数本地溢出漏洞相关资讯 Linux漏洞
- 敲击28次退格键之后:Linux漏洞可 (12/18/2015 11:22:28)
- Linux出现重大漏洞 GHOST ? (01/30/2015 18:35:07)
- Linux 2.6.31本地代码执行漏洞( (07/07/2014 07:51:17)
| - Red Hat Linux 修补“libuser”库 (07/26/2015 06:39:34)
- 红帽反驳:“Grinch(鬼精灵)”算 (12/30/2014 07:38:23)
- Linux gcc++漏洞:普通用户获得 (08/16/2013 11:57:41)
|
本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
- 本站管理人员有权保留或删除其管辖留言中的任意内容
- 本站有权在网站内转载或引用您的评论
- 参与本评论即表明您已经阅读并接受上述条款
|
易网时代-编程资源站