| Reporter | Title | Published | Views | Family All 337 |
|---|---|---|---|---|
| Exploit for Off-by-one Error in F5 Nginx | 30 Jun 202204:39 | – | githubexploit | |
| Exploit for Off-by-one Error in F5 Nginx | 20 Jul 202305:39 | – | githubexploit | |
| Exploit for Off-by-one Error in F5 Nginx | 8 Dec 202409:47 | – | githubexploit | |
| Exploit for Off-by-one Error in F5 Nginx | 4 Sep 202509:49 | – | githubexploit | |
| Exploit for Off-by-one Error in F5 Nginx | 21 Oct 202304:24 | – | githubexploit | |
| NGINX -- 1-byte memory overwrite in resolver | 25 May 202100:00 | – | freebsd | |
| nginx 1.20.0 DNS Resolver Off-By-One Heap Write Exploit | 27 May 202100:00 | – | zdt | |
| Nginx 1.20.0 - Denial of Service Exploit | 11 Jul 202200:00 | – | zdt | |
| Security Bulletin: IBM API Connect V5 is impacted by a vulnerability in nginx. (CVE-2021-23017) | 25 Aug 202113:37 | – | ibm | |
| Security Bulletin: Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities. | 11 Apr 202311:47 | – | ibm |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(153261);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/01");
script_cve_id("CVE-2017-20005", "CVE-2021-23017");
script_name(english:"EulerOS 2.0 SP2 : nginx (EulerOS-SA-2021-2412)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the nginx package installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities :
- A security issue in nginx resolver was identified,
which might allow an attacker who is able to forge UDP
packets from the DNS server to cause 1-byte memory
overwrite, resulting in worker process crash or
potential other impact.(CVE-2021-23017)
- NGINX before 1.13.6 has a buffer overflow for years
that exceed four digits, as demonstrated by a file with
a modification date in 1969 that causes an integer
overflow (or a false modification date far in the
future), when encountered by the autoindex
module.(CVE-2017-20005)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2412
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4712e121");
script_set_attribute(attribute:"solution", value:
"Update the affected nginx packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-20005");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2021/09/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/09/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nginx");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["nginx-1.13.3-1.h7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nginx");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation