Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12337
HistorySep 18, 2009 - 12:00 a.m.

nginx HTTP请求远程缓冲区溢出漏洞

2009-09-1800:00:00
Root
www.seebug.org
28

0.938 High

EPSS

Percentile

98.9%

JSON

Bugraq ID: 36384
CVE ID:CVE-2009-2629

nginx是一款高性能的HTTP 和反向代理服务器。
nginx处理特殊构建的URIs存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序程序执行任意指令。
当处理特殊构建的URIs时ngx_http_parse_complex_uri()函数存在缓冲区下溢错误,可导致nginx服务器把URI中的数据在分配缓冲区前就写入到堆内存中,可导致以服务进程权限执行任意指令。

Igor Sysoev nginx 0.8.14
Igor Sysoev nginx 0.7.61
Igor Sysoev nginx 0.6.38
Igor Sysoev nginx 0.5.37
厂商解决方案
Debian linux用户可升级到如下版本:
Debian Linux 4.0 ia-32
Debian nginx_0.4.13-2+etch2_i386.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_i386.deb
Debian Linux 5.0 hppa
Debian nginx_0.6.32-3+lenny2_hppa.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_hppa.deb
Debian Linux 5.0 ia-64
Debian nginx_0.6.32-3+lenny2_ia64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_ia64.deb
Debian Linux 4.0 hppa
Debian nginx_0.4.13-2+etch2_hppa.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_hppa.deb
Debian Linux 4.0 sparc
Debian nginx_0.4.13-2+etch2_sparc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_sparc.deb
Debian Linux 4.0 s/390
Debian nginx_0.4.13-2+etch2_s390.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_s390.deb
Debian Linux 5.0 arm
Debian nginx_0.6.32-3+lenny2_arm.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_arm.deb
Debian Linux 4.0 powerpc
Debian nginx_0.4.13-2+etch2_powerpc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_powerpc.deb
Debian Linux 4.0 mipsel
Debian nginx_0.4.13-2+etch2_mipsel.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_mipsel.deb
Debian Linux 5.0 alpha
Debian nginx_0.6.32-3+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_alpha.deb
Debian Linux 5.0 amd64
Debian nginx_0.6.32-3+lenny2_amd64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_amd64.deb
Debian Linux 5.0 ia-32
Debian nginx_0.6.32-3+lenny2_i386.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_i386.deb
Debian Linux 5.0 mips
Debian nginx_0.6.32-3+lenny2_mips.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_mips.deb
Debian Linux 5.0 mipsel
Debian nginx_0.6.32-3+lenny2_mipsel.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_mipsel.deb
Debian Linux 5.0 powerpc
Debian nginx_0.6.32-3+lenny2_powerpc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_powerpc.deb
Debian Linux 4.0 ia-64
Debian nginx_0.4.13-2+etch2_ia64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_ia64.deb
Debian Linux 4.0 mips
Debian nginx_0.4.13-2+etch2_mips.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch2_mips.deb
Debian Linux 5.0 sparc
Debian nginx_0.6.32-3+lenny2_sparc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny2_sparc.deb

Related

nessus 9
freebsd 1
debian 1
prion 1
openvas 19
securityvulns 2
nginx 1
gentoo 1
ubuntucve 1
debiancve 1
fedora 5
canvas 1
cve 1
cert 1
checkpoint_advisories 1
nessus
nessus
Fedora 10 : nginx-0.7.62-1.fc10 (2009-9652)
2009-09-16 00:00:00
Debian DSA-1884-1 : nginx - buffer underflow
2010-02-24 00:00:00
GLSA-200909-18 : nginx: Remote execution of arbitrary code
2009-09-21 00:00:00
freebsd
freebsd
nginx -- remote denial of service vulnerability
2009-09-14 00:00:00
debian
debian
[SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution
2009-09-14 15:53:38
prion
prion
Buffer overflow
2009-09-15 22:30:00
openvas
openvas
FreeBSD Ports: nginx
2009-09-15 00:00:00
nginx HTTP Request Remote Buffer Overflow Vulnerability
2009-10-01 00:00:00
Fedora Core 11 FEDORA-2009-9630 (nginx)
2009-09-21 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution
2009-09-15 00:00:00
nginx proxy server memory corruption
2009-09-15 00:00:00
nginx
nginx
Buffer underflow vulnerability
2009-09-15 22:30:00
gentoo
gentoo
nginx: Remote execution of arbitrary code
2009-09-18 00:00:00
ubuntucve
ubuntucve
CVE-2009-2629
2009-09-15 00:00:00
debiancve
debiancve
CVE-2009-2629
2009-09-15 22:30:00
fedora
fedora
[SECURITY] Fedora 11 Update: nginx-0.7.62-1.fc11
2009-09-15 20:59:51
[SECURITY] Fedora 10 Update: nginx-0.7.62-1.fc10
2009-09-15 21:01:57
[SECURITY] Fedora 12 Update: nginx-0.7.64-1.fc12
2009-12-07 07:23:18
canvas
canvas
Immunity Canvas: NGINX
2009-09-15 22:30:00
cve
cve
CVE-2009-2629
2009-09-15 22:30:00
cert
cert
Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability
2009-09-15 00:00:00
checkpoint_advisories
checkpoint_advisories
nginx URI Parsing Buffer Underflow (CVE-2009-2629)
2010-01-31 00:00:00

0.938 High

EPSS

Percentile

98.9%

JSON
Related for SSV:12337
nessus9freebsd1debian1prion1openvas19securityvulns2nginx1gentoo1ubuntucve1debiancve1fedora5canvas1cve1cert1checkpoint_advisories1