6245 matches found
Gentoo Security Advisory GLSA 200909-18 (nginx)
The remote host is missing updates announced in advisory GLSA 200909-18. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Fedora Core 10 FEDORA-2009-9652 (nginx)
The remote host is missing an update to nginx announced via advisory FEDORA-2009-9652. OpenVAS Vulnerability Test $Id: fcore20099652.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-9652 nginx Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft...
Fedora Core 10 FEDORA-2009-9652 (nginx)
The remote host is missing an update to nginx announced via advisory FEDORA-2009-9652. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the...
GLSA-200909-18 : nginx: Remote execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200909-18 (nginx: Remote execution of arbitrary code). Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri function in http/ngx_http_parse.c when parsing the request URI. Impact: A remote attacker might sen...
Fedora Core 11 FEDORA-2009-9630 (nginx)
The remote host is missing an update to nginx announced via advisory FEDORA-2009-9630. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the...
Gentoo Security Advisory GLSA 200909-18 (nginx)
The remote host is missing updates announced in advisory GLSA 200909-18. OpenVAS Vulnerability Test. Description: Auto-generated from Gentoo's XML-based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
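nginx HTTP request remote buffer overflow vulnerability
Bugtraq ID: 36384 CVE ID: CVE-2009-2629 nginx is a high-performance HTTP and reverse proxy server. nginx has a buffer overflow when handling specially crafted URIs, which remote attackers can exploit to execute arbitrary instructions in the context of the application. When processing specially crafted URIs, the ngx_http_parse_complex_uri function has a buffer underflow error that can cause the nginx server to write data from the URI into heap memory before the allocated buffer, which can lead to execution of arbitrary instructions with the privileges of the server process. Igor Sysoev nginx 0.8.14 Igor Sysoev nginx 0.7.61 Igor Sysoev nginx 0.6.38 Igor...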
nginx: Remote execution of arbitrary code
Background: nginx is a robust, small and high performance HTTP and reverse proxy server. Description: Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri function in http/ngx_http_parse.c when parsing the request URI. Impact: A remote attacker might send a specially crafted...
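nginx proxy DNS cache domain spoofing vulnerability
BUGTRAQ ID: 36438 nginx is a multi-platform HTTP server and mail proxy server. nginx maintains an internal DNS cache for resolved domain names, but when searching the cache nginx only checks that the crc32 of the names matches and that the shorter name is a prefix of the longer name; it does not check that the names are equal in length. If nginx is configured as a caching proxy, a remote attacker can spoof domain names through a DNS poisoning attack and trick users into believing that the domain they are visiting is legitimate. Igor Sysoev nginx 0.8.x Igor Sysoev nginx 0.7.x Igor Sysoev nginx 0.6.x Igor Sysoev nginx 0.5.x Vendor patch: Igor Sysoev...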
nginx DNS cache poisoning
Invalid implementation of caching algorithm...
nginx internal DNS cache poisoning
nginx maintains an internal DNS cache for resolved domain names. However, when searching the cache, nginx only checks that the crc32 of the names match and that the shorter name is a prefix of the longer name. It does not check that the names are equal in length. One way to exploit this is if ngi...
Fedora 10 : nginx-0.7.62-1.fc10 (2009-9652)
Mon Sep 14 2009 Jeremy Hinegardner - 0.7.62-1 - update to 0.7.62 - fixes CVE-2009-2629 - Sun Aug 2 2009 Jeremy Hinegardner - 0.7.61-1 - update to new stable 0.7.61 - remove third-party module - Sat Apr 11 2009 Jeremy Hinegardner 0.6.36-1 - update to 0.6.36 - Wed Feb 25 2009 Fedora Release...
Fedora 11 : nginx-0.7.62-1.fc11 (2009-9630)
Mon Sep 14 2009 Jeremy Hinegardner - 0.7.62-1 - update to 0.7.62 - fixes CVE-2009-2629 - Sun Aug 2 2009 Jeremy Hinegardner - 0.7.61-1 - update to new stable 0.7.61 - remove third-party module Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Immunity Canvas: NGINX
Name: nginx. CVE: CVE-2009-2629. Exploit Pack: CANVAS. Description: Jinx. Notes: CVE Name: CVE-2009-2629 VENDOR: nginx Notes: Use -O execshield:0 against Ubuntu targets - the default is to assume you want execshield avoidance. Repeatability: Infinite References:...
DEBIAN-CVE-2009-2629
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests...
Buffer overflow
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests...
CVE-2009-2629
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests...