Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2021 Tenable Network Security, Inc.GENTOO_GLSA-200909-18.NASL
HistorySep 21, 2009 - 12:00 a.m.

GLSA-200909-18 : nginx: Remote execution of arbitrary code

2009-09-2100:00:00
This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
www.tenable.com
16
JSON

The remote host is affected by the vulnerability described in GLSA-200909-18 (nginx: Remote execution of arbitrary code)

Chris Ries reported a heap-based buffer underflow in the     ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when     parsing the request URI.

Impact :

A remote attacker might send a specially crafted request URI to a nginx     server, possibly resulting in the remote execution of arbitrary code     with the privileges of the user running the server, or a Denial of     Service. NOTE: By default, nginx runs as the 'nginx' user.

Workaround :

There is no known workaround at this time.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200909-18.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(41022);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2009-2629");
  script_xref(name:"GLSA", value:"200909-18");

  script_name(english:"GLSA-200909-18 : nginx: Remote execution of arbitrary code");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200909-18
(nginx: Remote execution of arbitrary code)

    Chris Ries reported a heap-based buffer underflow in the
    ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when
    parsing the request URI.
  
Impact :

    A remote attacker might send a specially crafted request URI to a nginx
    server, possibly resulting in the remote execution of arbitrary code
    with the privileges of the user running the server, or a Denial of
    Service. NOTE: By default, nginx runs as the 'nginx' user.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200909-18"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All nginx 0.5.x users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-servers/nginx-0.5.38'
    All nginx 0.6.x users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-servers/nginx-0.6.39'
    All nginx 0.7.x users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-servers/nginx-0.7.62'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:nginx");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"www-servers/nginx", unaffected:make_list("rge 0.5.38", "rge 0.6.39", "ge 0.7.62"), vulnerable:make_list("lt 0.7.62"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nginx");
}
VendorProductVersionCPE
gentoolinuxnginxp-cpe:/a:gentoo:linux:nginx
gentoolinuxcpe:/o:gentoo:linux

Related

seebug 1
nessus 8
freebsd 1
debian 1
prion 1
securityvulns 2
openvas 19
nginx 1
ubuntucve 1
gentoo 1
debiancve 1
checkpoint_advisories 1
fedora 5
canvas 1
cve 1
cert 1
seebug
seebug
nginx HTTPθ―·ζ±‚θΏœη¨‹ηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2009-09-18 00:00:00
nessus
nessus
Fedora 10 : nginx-0.7.62-1.fc10 (2009-9652)
2009-09-16 00:00:00
Debian DSA-1884-1 : nginx - buffer underflow
2010-02-24 00:00:00
FreeBSD : nginx -- remote denial of service vulnerability (152b27f0-a158-11de-990c-e5b1d4c882e0)
2009-09-15 00:00:00
freebsd
freebsd
nginx -- remote denial of service vulnerability
2009-09-14 00:00:00
debian
debian
[SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution
2009-09-14 15:53:38
prion
prion
Buffer overflow
2009-09-15 22:30:00
securityvulns
securityvulns
[SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution
2009-09-15 00:00:00
nginx proxy server memory corruption
2009-09-15 00:00:00
openvas
openvas
nginx HTTP Request Remote Buffer Overflow Vulnerability
2009-10-01 00:00:00
FreeBSD Ports: nginx
2009-09-15 00:00:00
Fedora Core 11 FEDORA-2009-9630 (nginx)
2009-09-21 00:00:00
nginx
nginx
Buffer underflow vulnerability
2009-09-15 22:30:00
ubuntucve
ubuntucve
CVE-2009-2629
2009-09-15 00:00:00
gentoo
gentoo
nginx: Remote execution of arbitrary code
2009-09-18 00:00:00
debiancve
debiancve
CVE-2009-2629
2009-09-15 22:30:00
checkpoint_advisories
checkpoint_advisories
nginx URI Parsing Buffer Underflow (CVE-2009-2629)
2010-01-31 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: nginx-0.7.62-1.fc10
2009-09-15 21:01:57
[SECURITY] Fedora 11 Update: nginx-0.7.62-1.fc11
2009-09-15 20:59:51
[SECURITY] Fedora 11 Update: nginx-0.7.64-1.fc11
2009-12-07 07:27:32
canvas
canvas
Immunity Canvas: NGINX
2009-09-15 22:30:00
cve
cve
CVE-2009-2629
2009-09-15 22:30:00
cert
cert
Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability
2009-09-15 00:00:00
JSON
Related for GENTOO_GLSA-200909-18.NASL
seebug1nessus8freebsd1debian1prion1securityvulns2openvas19nginx1ubuntucve1gentoo1debiancve1checkpoint_advisories1fedora5canvas1cve1cert1