Vulnerability Note VU#180065
Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability
Overview
A vulnerability in the nginx web server may allow remote attackers to execute arbitrary code on an affected system.
Description
nginx is an HTTP server and mail proxy server that is available for a number of different platforms. A buffer underflow vulnerability exists in the ngx_http_parse_complex_uri() function when handling specially crafted URIs. Exploitation of this vulnerability would cause the nginx server to write data contained in the URI to heap memory before the allocated buffer. |
Impact
As with a number of other web servers, nginx is designed to operate with a single privileged master process and multiple unprivileged worker processes handling specific requests. A remote, unauthenticated attacker may be able to execute arbitrary code in the context of the worker process or cause the worker process to crash, resulting in a denial of service. |
Solution
Upgrade or apply a patch Updated versions of the nginx package have been released to address this issue. Users should consult the Systems Affected section of this document for information about specific vendors. |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Debian GNU/Linux | Affected | 05 Sep 2009 | 14 Sep 2009 |
| Gentoo Linux | Affected | 05 Sep 2009 | 21 Sep 2009 |
| nginx | Affected | - | 15 Sep 2009 |
| Sun Microsystems, Inc. | Not Affected | 05 Sep 2009 | 09 Sep 2009 |
| SUSE Linux | Not Affected | 05 Sep 2009 | 08 Sep 2009 |
| The SCO Group | Not Affected | 05 Sep 2009 | 08 Sep 2009 |
| Apple Inc. | Unknown | 05 Sep 2009 | 06 Sep 2009 |
| Conectiva Inc. | Unknown | 05 Sep 2009 | 06 Sep 2009 |
| Cray Inc. | Unknown | 05 Sep 2009 | 06 Sep 2009 |
| DragonFly BSD Project | Unknown | 05 Sep 2009 | 06 Sep 2009 |
| EMC Corporation | Unknown | 05 Sep 2009 | 06 Sep 2009 |
| Engarde Secure Linux | Unknown | 05 Sep 2009 | 06 Sep 2009 |
| F5 Networks, Inc. | Unknown | 05 Sep 2009 | 06 Sep 2009 |
| Fedora Project | Unknown | 05 Sep 2009 | 06 Sep 2009 |
| FreeBSD, Inc. | Unknown | 05 Sep 2009 | 06 Sep 2009 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- None
Credit
Thanks to Chris Ries of the Carnegie Mellon University Information Security Office for reporting this vulnerability.
This document was written by Chad R Dougherty.
Other Information
- CVE IDs: CVE-2009-2629
- Date Public: 14 Sep 2009
- Date First Published: 15 Sep 2009
- Date Last Updated: 21 Sep 2009
- Severity Metric: 4.22
- Document Revision: 8
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.