ID

VAR-200909-0576


CVE

CVE-2009-2629


TITLE

Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability

Trust: 0.8

sources: CERT/CC: VU#180065

DESCRIPTION

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests. Nginx A web server contains a buffer underrun vulnerability. Nginx Is offered for various platforms HTTP Server and mail proxy server. Nginx Is ngx_http_parse_complex_uri() There was a problem with the function and it was crafted URI A buffer underrun may occur when processing.nginx Consists of a privileged master process and an unprivileged worker process. Arbitrary code execution or denial of service by a remote third party with the authority of a worker process (DoS) There is a possibility of being attacked. The 'nginx' program is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will result in a denial-of-service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/nginx < 0.7.62 *>= 0.5.38 *>= 0.6.39 >= 0.7.62 Description =========== Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. NOTE: By default, nginx runs as the "nginx" user. Workaround ========== There is no known workaround at this time. Resolution ========== All nginx 0.5.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-servers/nginx-0.5.38 All nginx 0.6.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-servers/nginx-0.6.39 All nginx 0.7.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =www-servers/nginx-0.7.62 References ========== [ 1 ] CVE-2009-2629 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200909-18.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1884-1 security@debian.org http://www.debian.org/security/ Nico Golde September 14th, 2009 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : nginx Vulnerability : buffer underflow Problem type : remote Debian-specific: no CVE ID : CVE-2009-2629 Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. For the oldstable distribution (etch), this problem has been fixed in version 0.4.13-2+etch2. For the stable distribution (lenny), this problem has been fixed in version 0.6.32-3+lenny2. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 0.7.61-3. We recommend that you upgrade your nginx packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz Size/MD5 checksum: 436610 d385a1e7a23020d421531818d5606b5b http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz Size/MD5 checksum: 6578 db07ea3610574b7561cbedef09a51bf2 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc Size/MD5 checksum: 618 12706d3c92e0c225dd47367aae43115e alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb Size/MD5 checksum: 211310 5e7efe11eca1aea2f6611cd913bf519d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb Size/MD5 checksum: 195352 3fc58e180fca1465a360f37bad3da7db arm architecture (ARM) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb Size/MD5 checksum: 187144 6e49d62ee4efa11f9b75292bcb3be1d7 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb Size/MD5 checksum: 205204 7f8f76147eccbf489c900831782806c0 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb Size/MD5 checksum: 184912 7dc5e3672666d1b5666f6ce79f4c755b ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb Size/MD5 checksum: 278490 669e8d9e43a123367c429ca34927e22a mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb Size/MD5 checksum: 208238 2e6f25c4bc053d1bb1ac82bec398624d mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb Size/MD5 checksum: 207640 e6b0e0e8148d1786274cf9a4b7f9d060 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb Size/MD5 checksum: 186542 5b1460ab8707b1ccb3cf0b75c8ea2548 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb Size/MD5 checksum: 199720 8ecde48c393df02819c45bc966f73eae sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb Size/MD5 checksum: 185032 15212749985501b223af7888447fc433 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc Size/MD5 checksum: 1238 41197ff9eca3cb3707ca5eff5e431183 http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz Size/MD5 checksum: 10720 b2c8f555b7de4ac17b2c98247fd2ae6b http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz Size/MD5 checksum: 522183 c09a2ace3c91f45dabbb608b11e48ed1 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb Size/MD5 checksum: 297782 dc05cbf94712134298acdedad2a4e85d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb Size/MD5 checksum: 268518 58dc10022dd7b20ff58a4b839be62a43 arm architecture (ARM) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb Size/MD5 checksum: 251688 7f5a9499de8ba40ae2caea7de183b966 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb Size/MD5 checksum: 282324 f0264b98d0564f51692292c0ec269a19 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb Size/MD5 checksum: 253060 a64340fa3a9a5b58e23267f13abfeeed ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb Size/MD5 checksum: 420004 a2e6de141194e41a60893b0b2c457f28 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb Size/MD5 checksum: 283220 04407318230621467ea3a42bfb11d724 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb Size/MD5 checksum: 283444 0bd0eb1e415d7d6877a95e21ddb91fa7 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb Size/MD5 checksum: 276056 fae6451ab5ac767f93d3229a9e01f3bf sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb Size/MD5 checksum: 256778 df6a47fe174736468910a4166fe0a064 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkquZwIACgkQHYflSXNkfP+2zACghwt2Hx3UoREEb7p697sYiPSl pZQAn1WWgFTERwdFo5uw5KuZ7hN09KuH =Xrul -----END PGP SIGNATURE-----

Trust: 2.88

sources: NVD: CVE-2009-2629 // CERT/CC: VU#180065 // JVNDB: JVNDB-2009-002152 // BID: 36384 // VULHUB: VHN-40075 // PACKETSTORM: 81454 // PACKETSTORM: 81284

AFFECTED PRODUCTS

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 1.3

vendor:f5model:nginxscope:gteversion:0.8.0

Trust: 1.0

vendor:f5model:nginxscope:ltversion:0.8.15

Trust: 1.0

vendor:f5model:nginxscope:ltversion:0.6.39

Trust: 1.0

vendor:f5model:nginxscope:gteversion:0.6.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:11

Trust: 1.0

vendor:f5model:nginxscope:ltversion:0.7.62

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:4.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:12

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:10

Trust: 1.0

vendor:f5model:nginxscope:gteversion:0.7.0

Trust: 1.0

vendor:f5model:nginxscope:ltversion:0.5.38

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:f5model:nginxscope:gteversion:0.1.0

Trust: 1.0

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:nginxmodel: - scope: - version: -

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:lteversion:0.1.0 from 0.5.37

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:ltversion:0.6.39 earlier

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:ltversion:0.7.62 earlier

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:ltversion:0.8.15 earlier

Trust: 0.8

vendor:nginxmodel:nginxscope:eqversion:0.1.5

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.1.4

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.1.8

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.1.7

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.1.6

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.1.9

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.1.1

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.1.2

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.1.3

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.1.10

Trust: 0.6

vendor:igormodel:sysoev nginxscope:eqversion:0.8.14

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.7.61

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.6.38

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.5.37

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:4.0

Trust: 0.3

vendor:igormodel:sysoev nginxscope:neversion:0.8.15

Trust: 0.3

vendor:igormodel:sysoev nginxscope:neversion:0.7.62

Trust: 0.3

vendor:igormodel:sysoev nginxscope:neversion:0.6.39

Trust: 0.3

vendor:igormodel:sysoev nginxscope:neversion:0.5.38

Trust: 0.3

sources: CERT/CC: VU#180065 // BID: 36384 // JVNDB: JVNDB-2009-002152 // CNNVD: CNNVD-200909-302 // NVD: CVE-2009-2629

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2629
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#180065
value: 4.22

Trust: 0.8

NVD: CVE-2009-2629
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200909-302
value: HIGH

Trust: 0.6

VULHUB: VHN-40075
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-2629
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-40075
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#180065 // VULHUB: VHN-40075 // JVNDB: JVNDB-2009-002152 // CNNVD: CNNVD-200909-302 // NVD: CVE-2009-2629

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-40075 // JVNDB: JVNDB-2009-002152 // NVD: CVE-2009-2629

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 81454 // CNNVD: CNNVD-200909-302

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-200909-302

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002152

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-40075

PATCH

title:Top Pageurl:http://nginx.net/

Trust: 0.8

sources: JVNDB: JVNDB-2009-002152

EXTERNAL IDS

db:CERT/CCid:VU#180065

Trust: 3.6

db:NVDid:CVE-2009-2629

Trust: 3.0

db:JVNDBid:JVNDB-2009-002152

Trust: 0.8

db:CNNVDid:CNNVD-200909-302

Trust: 0.7

db:BIDid:36384

Trust: 0.4

db:PACKETSTORMid:81454

Trust: 0.2

db:PACKETSTORMid:81284

Trust: 0.2

db:SEEBUGid:SSVID-87569

Trust: 0.1

db:SEEBUGid:SSVID-69732

Trust: 0.1

db:EXPLOIT-DBid:14830

Trust: 0.1

db:VULHUBid:VHN-40075

Trust: 0.1

sources: CERT/CC: VU#180065 // VULHUB: VHN-40075 // BID: 36384 // JVNDB: JVNDB-2009-002152 // PACKETSTORM: 81454 // PACKETSTORM: 81284 // CNNVD: CNNVD-200909-302 // NVD: CVE-2009-2629

REFERENCES

url:http://www.kb.cert.org/vuls/id/180065

Trust: 2.8

url:http://www.debian.org/security/2009/dsa-1884

Trust: 2.5

url:http://nginx.net/changes-0.5

Trust: 2.0

url:http://nginx.net/changes-0.6

Trust: 2.0

url:http://nginx.net/changes-0.7

Trust: 2.0

url:http://sysoev.ru/nginx/patch.180065.txt

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00428.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00442.html

Trust: 1.7

url:https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00449.html

Trust: 1.7

url:http://nginx.net/changes

Trust: 1.4

url:http://security.gentoo.org/glsa/glsa-200909-18.xml

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2629

Trust: 0.9

url:about vulnerability notes

Trust: 0.8

url:contact us about this vulnerability

Trust: 0.8

url:provide a vendor statement

Trust: 0.8

url:http://jvn.jp/cert/jvnvu180065/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2629

Trust: 0.8

url:http://nginx.org/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2009-2629

Trust: 0.2

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz

Trust: 0.1

url:http://security.debian.org/

Trust: 0.1

url:http://packages.debian.org/<pkg>

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb

Trust: 0.1

sources: CERT/CC: VU#180065 // VULHUB: VHN-40075 // BID: 36384 // JVNDB: JVNDB-2009-002152 // PACKETSTORM: 81454 // PACKETSTORM: 81284 // CNNVD: CNNVD-200909-302 // NVD: CVE-2009-2629

CREDITS

Chris Ries

Trust: 0.9

sources: BID: 36384 // CNNVD: CNNVD-200909-302

SOURCES

db:CERT/CCid:VU#180065
db:VULHUBid:VHN-40075
db:BIDid:36384
db:JVNDBid:JVNDB-2009-002152
db:PACKETSTORMid:81454
db:PACKETSTORMid:81284
db:CNNVDid:CNNVD-200909-302
db:NVDid:CVE-2009-2629

LAST UPDATE DATE

2024-08-14T15:14:24.921000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#180065date:2009-09-21T00:00:00
db:VULHUBid:VHN-40075date:2021-11-10T00:00:00
db:BIDid:36384date:2015-05-07T17:02:00
db:JVNDBid:JVNDB-2009-002152date:2009-10-28T00:00:00
db:CNNVDid:CNNVD-200909-302date:2023-05-15T00:00:00
db:NVDid:CVE-2009-2629date:2021-11-10T15:52:54.030

SOURCES RELEASE DATE

db:CERT/CCid:VU#180065date:2009-09-15T00:00:00
db:VULHUBid:VHN-40075date:2009-09-15T00:00:00
db:BIDid:36384date:2009-09-14T00:00:00
db:JVNDBid:JVNDB-2009-002152date:2009-10-28T00:00:00
db:PACKETSTORMid:81454date:2009-09-19T16:50:46
db:PACKETSTORMid:81284date:2009-09-15T04:05:55
db:CNNVDid:CNNVD-200909-302date:2009-09-15T00:00:00
db:NVDid:CVE-2009-2629date:2009-09-15T22:30:00.233