Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 Tenable Network Security, Inc.GENTOO_GLSA-201203-22.NASL
HistoryJun 21, 2012 - 12:00 a.m.

GLSA-201203-22 : nginx: Multiple vulnerabilities

2012-06-2100:00:00
This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.
www.tenable.com
28
JSON

The remote host is affected by the vulnerability described in GLSA-201203-22 (nginx: Multiple vulnerabilities)

Multiple vulnerabilities have been found in nginx:
  The TLS protocol does not properly handle session renegotiation         requests (CVE-2009-3555).
  The 'ngx_http_process_request_headers()' function in ngx_http_parse.c         could cause a NULL pointer dereference (CVE-2009-3896).
  nginx does not properly sanitize user input for the the WebDAV COPY         or MOVE methods (CVE-2009-3898).
  The 'ngx_resolver_copy()' function in ngx_resolver.c contains a         boundary error which could cause a heap-based buffer overflow         (CVE-2011-4315).
  nginx does not properly parse HTTP header responses which could         expose sensitive information (CVE-2012-1180).

Impact :

A remote attacker could possibly execute arbitrary code with the       privileges of the nginx process, cause a Denial of Service condition,       create or overwrite arbitrary files, or obtain sensitive information.

Workaround :

There is no known workaround at this time.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201203-22.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(59614);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2009-3555", "CVE-2009-3896", "CVE-2009-3898", "CVE-2011-4315", "CVE-2012-1180");
  script_bugtraq_id(36490, 36839, 36935, 50710, 52578);
  script_xref(name:"GLSA", value:"201203-22");

  script_name(english:"GLSA-201203-22 : nginx: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201203-22
(nginx: Multiple vulnerabilities)

    Multiple vulnerabilities have been found in nginx:
      The TLS protocol does not properly handle session renegotiation
        requests (CVE-2009-3555).
      The 'ngx_http_process_request_headers()' function in ngx_http_parse.c
        could cause a NULL pointer dereference (CVE-2009-3896).
      nginx does not properly sanitize user input for the the WebDAV COPY
        or MOVE methods (CVE-2009-3898).
      The 'ngx_resolver_copy()' function in ngx_resolver.c contains a
        boundary error which could cause a heap-based buffer overflow
        (CVE-2011-4315).
      nginx does not properly parse HTTP header responses which could
        expose sensitive information (CVE-2012-1180).
  
Impact :

    A remote attacker could possibly execute arbitrary code with the
      privileges of the nginx process, cause a Denial of Service condition,
      create or overwrite arbitrary files, or obtain sensitive information.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201203-22"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All nginx users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=www-servers/nginx-1.0.14'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(22, 119, 310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:nginx");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"www-servers/nginx", unaffected:make_list("ge 1.0.14"), vulnerable:make_list("lt 1.0.14"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nginx");
}
VendorProductVersionCPE
gentoolinuxnginxp-cpe:/a:gentoo:linux:nginx
gentoolinuxcpe:/o:gentoo:linux

Related

openvas 70
gentoo 1
nessus 55
fedora 16
ubuntucve 4
cve 5
suse 3
prion 4
amazon 2
seebug 6
debiancve 4
nginx 4
redhatcve 1
securityvulns 4
debian 4
altlinux 2
redhat 2
mozilla 1
ubuntu 2
hackerone 2
slackware 1
oraclelinux 1
cisco 1
centos 2
checkpoint_advisories 2
openvas
openvas
Gentoo Security Advisory GLSA 201203-22 (nginx)
2012-04-30 00:00:00
Gentoo Security Advisory GLSA 201203-22 (nginx)
2012-04-30 00:00:00
Fedora Core 11 FEDORA-2009-12782 (nginx)
2009-12-10 00:00:00
gentoo
gentoo
nginx: Multiple vulnerabilities
2012-03-28 00:00:00
nessus
nessus
Fedora 12 : nginx-0.7.64-1.fc12 (2009-12750)
2009-12-08 00:00:00
Fedora 11 : nginx-0.7.64-1.fc11 (2009-12782)
2009-12-08 00:00:00
Fedora 10 : nginx-0.7.64-1.fc10 (2009-12775)
2009-12-08 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: nginx-0.7.64-1.fc12
2009-12-07 07:23:18
[SECURITY] Fedora 11 Update: nginx-0.7.64-1.fc11
2009-12-07 07:27:32
[SECURITY] Fedora 10 Update: nginx-0.7.64-1.fc10
2009-12-07 07:26:07
ubuntucve
ubuntucve
CVE-2009-3898
2009-11-24 00:00:00
CVE-2011-4315
2011-12-08 00:00:00
CVE-2009-3896
2009-11-24 00:00:00
cve
cve
CVE-2009-3898
2009-11-24 17:30:00
CVE-2011-4315
2011-12-08 20:55:00
CVE-2009-3896
2009-11-24 17:30:00
suse
suse
VUL-0: nginx: heap overflow (important)
2012-02-09 19:10:57
Security update for nginx-1.0 (important)
2011-12-05 18:08:33
man-in-the-middle attack in openssl
2009-11-18 09:50:39
prion
prion
Heap overflow
2011-12-08 20:55:00
Null pointer dereference
2009-11-24 17:30:00
Directory traversal
2009-11-24 17:30:00
amazon
amazon
Medium: nginx
2011-12-13 12:50:00
Medium: nginx
2012-04-05 12:50:00
seebug
seebug
nginx DNS解析器远程堆缓冲区溢出漏洞
2011-11-18 00:00:00
nginx ngx_http_process_request_headers()函数空指针引用拒绝服务漏洞
2009-11-27 00:00:00
nginx 'ngx_cpystrn()'信息泄露漏洞(CVE-2012-1180)
2012-03-29 00:00:00
debiancve
debiancve
CVE-2011-4315
2011-12-08 20:55:00
CVE-2009-3898
2009-11-24 17:30:00
CVE-2009-3896
2009-11-24 17:30:00
nginx
nginx
Directory traversal vulnerability
2009-11-24 17:30:00
Buffer overflow in resolver
2011-12-08 20:55:00
Null pointer dereference vulnerability
2009-11-24 17:30:00
redhatcve
redhatcve
CVE-2009-3896
2019-10-04 22:25:10
securityvulns
securityvulns
nginx information leakage
2012-03-17 00:00:00
Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
2009-11-11 00:00:00
Mozilla Foundation Security Advisory 2010-22
2010-04-06 00:00:00
debian
debian
[SECURITY] [DSA 2434-1] nginx security update
2012-03-19 22:56:59
[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw
2011-01-05 23:20:31
[SECURITY] [DSA-2141-4] New lighttpd packages fix regression
2011-01-12 18:51:18
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.8l-alt1
2009-11-07 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8l-alt1
2009-11-07 00:00:00
redhat
redhat
(RHSA-2010:0164) Moderate: openssl097a security update
2010-03-25 00:00:00
(RHSA-2010:0155) Moderate: java-1.4.2-ibm security and bug fix update
2010-03-17 00:00:00
mozilla
mozilla
Update NSS to support TLS renegotiation indication — Mozilla
2010-03-30 00:00:00
ubuntu
ubuntu
Apache vulnerability
2010-09-21 00:00:00
NSS vulnerability
2010-04-09 00:00:00
hackerone
hackerone
LocalTapiola: Secure Client-Initiated Renegotiation
2017-12-27 15:57:52
Slack: TLS1/SSLv3 Renegotiation Vulnerability
2014-04-02 13:01:00
slackware
slackware
openssl
2009-11-16 13:42:36
oraclelinux
oraclelinux
openssl097a security update
2010-03-25 00:00:00
cisco
cisco
Transport Layer Security Renegotiation Vulnerability
2009-11-09 13:00:00
centos
centos
openssl097a security update
2010-03-27 17:44:36
nspr, nss security update
2010-03-28 15:36:50
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against TLS and SSL Spoofing Vulnerability
2010-02-09 00:00:00
TLS Client Initiated Renegotiation (CVE-2009-3555)
2009-11-23 00:00:00
JSON
Related for GENTOO_GLSA-201203-22.NASL
openvas70gentoo1nessus55fedora16ubuntucve4cve5suse3prion4amazon2seebug6debiancve4nginx4redhatcve1securityvulns4debian4altlinux2redhat2mozilla1ubuntu2hackerone2slackware1oraclelinux1cisco1centos2checkpoint_advisories2