Nginx HTTP请求远程缓冲区溢出漏洞

Bugraq ID: 36384
CVE ID:CVE-2009-2629
CNCVE ID:CNCVE-20092629
 
漏洞消息时间:2009-09-15
 
漏洞起因
边界条件错误
 
影响系统
Igor Sysoev nginx 0.8.14
Igor Sysoev nginx 0.7.61
Igor Sysoev nginx 0.6.38
Igor Sysoev nginx 0.5.37
 
不受影响系统
Igor Sysoev nginx 0.8.15
Igor Sysoev nginx 0.7.62
Igor Sysoev nginx 0.6.39
Igor Sysoev nginx 0.5.38
 
危害
远程攻击者可以利用漏洞以应用程序程序执行任意指令。
 
攻击所需条件
攻击者必须访问nginx。
 
漏洞信息
nginx是一款高性能的HTTP 和反向代理服务器。
nginx处理特殊构建的URIs存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序程序执行任意指令。
当处理特殊构建的URIs时ngx_http_parse_complex_uri()函数存在缓冲区下溢错误,可导致nginx服务器把URI中的数据在分配缓冲区前就写入到堆内存中,可导致以服务进程权限执行任意指令。
 
测试方法
 
厂商解决方案
Debian linux用户可升级到如下版本:
Debian Linux 4.0 ia-32
Debian nginx_0.4.13-2+etch2_i386.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_i386.deb
Debian Linux 5.0 hppa
Debian nginx_0.6.32-3+lenny2_hppa.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_hppa.deb
Debian Linux 5.0 ia-64
Debian nginx_0.6.32-3+lenny2_ia64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_ia64.deb
Debian Linux 4.0 hppa
Debian nginx_0.4.13-2+etch2_hppa.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_hppa.deb
Debian Linux 4.0 sparc
Debian nginx_0.4.13-2+etch2_sparc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_sparc.deb
Debian Linux 4.0 s/390
Debian nginx_0.4.13-2+etch2_s390.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_s390.deb
Debian Linux 5.0 arm
Debian nginx_0.6.32-3+lenny2_arm.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_arm.deb
Debian Linux 4.0 powerpc
Debian nginx_0.4.13-2+etch2_powerpc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_powerpc.deb
Debian Linux 4.0 mipsel
Debian nginx_0.4.13-2+etch2_mipsel.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_mipsel.deb
Debian Linux 5.0 alpha
Debian nginx_0.6.32-3+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_alpha.deb
Debian Linux 5.0 amd64
Debian nginx_0.6.32-3+lenny2_amd64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_amd64.deb
Debian Linux 5.0 ia-32
Debian nginx_0.6.32-3+lenny2_i386.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_i386.deb
Debian Linux 5.0 mips
Debian nginx_0.6.32-3+lenny2_mips.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_mips.deb
Debian Linux 5.0 mipsel
Debian nginx_0.6.32-3+lenny2_mipsel.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_mipsel.deb
Debian Linux 5.0 powerpc
Debian nginx_0.6.32-3+lenny2_powerpc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_powerpc.deb
Debian Linux 4.0 ia-64
Debian nginx_0.4.13-2+etch2_ia64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_ia64.deb
Debian Linux 4.0 mips
Debian nginx_0.4.13-2+etch2_mips.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_mips.deb
Debian Linux 5.0 sparc
Debian nginx_0.6.32-3+lenny2_sparc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_sparc.deb
 
漏洞提供者
Chris Ries
 
 
漏洞消息链接
http://www.kb.cert.org/vuls/id/180065
 
漏洞消息标题
Vulnerability Note VU#180065
Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability

相关推荐