ID

VAR-201204-0227


CVE

CVE-2012-2089


TITLE

Buffer overflow vulnerability in ngx_http_mp4_module.c in nginx

Trust: 0.8

sources: JVNDB: JVNDB-2012-002087

DESCRIPTION

Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.

nginx is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. nginx versions 1.1.3 through 1.1.18 and 1.0.7 through 1.0.14 are vulnerable; other versions may also be affected.

nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. Failure to do so will result in a denial of service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201206-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: nginx: User-assisted execution of arbitrary code
Date: June 21, 2012
Bugs: #411751
ID: 201206-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability in nginx could result in the execution of arbitrary code.

Background
==========

nginx is a robust, small, and high performance HTTP and reverse proxy server.

Affected packages
=================

-------------------------------------------------------------------
     Package            /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  www-servers/nginx     < 1.0.15       >= 1.0.15

Description
===========

An error in ngx_http_mp4_module.c could cause a buffer overflow.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All nginx users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.15"

References
==========

[ 1 ] CVE-2012-2089
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2089

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201206-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.07

sources: NVD: CVE-2012-2089 // JVNDB: JVNDB-2012-002087 // BID: 52999 // VULHUB: VHN-55370 // PACKETSTORM: 114012

AFFECTED PRODUCTS

vendor: f5, model: nginx, scope: gte, version: 1.0.7

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 15

Trust: 1.0

vendor: f5, model: nginx, scope: lte, version: 1.1.18

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 17

Trust: 1.0

vendor: f5, model: nginx, scope: lte, version: 1.0.14

Trust: 1.0

vendor: f5, model: nginx, scope: gte, version: 1.1.3

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 16

Trust: 1.0

vendor: igor sysoev, model: nginx, scope: eq, version: 1.0.7 to 1.0.14

Trust: 0.8

vendor: igor sysoev, model: nginx, scope: eq, version: 1.1.3 to 1.1.18

Trust: 0.8

vendor: igor sysoev, model: nginx, scope: eq, version: 1.1.14

Trust: 0.6

vendor: igor sysoev, model: nginx, scope: eq, version: 1.1.12

Trust: 0.6

vendor: igor sysoev, model: nginx, scope: eq, version: 1.1.15

Trust: 0.6

vendor: igor sysoev, model: nginx, scope: eq, version: 1.1.13

Trust: 0.6

vendor: igor sysoev, model: nginx, scope: eq, version: 1.1.7

Trust: 0.6

vendor: igor sysoev, model: nginx, scope: eq, version: 1.1.9

Trust: 0.6

vendor: igor sysoev, model: nginx, scope: eq, version: 1.1.8

Trust: 0.6

vendor: igor sysoev, model: nginx, scope: eq, version: 1.1.16

Trust: 0.6

vendor: igor sysoev, model: nginx, scope: eq, version: 1.1.11

Trust: 0.6

vendor: igor sysoev, model: nginx, scope: eq, version: 1.1.10

Trust: 0.6

vendor: igor, model: sysoev nginx, scope: eq, version: 1.1.17

Trust: 0.3

vendor: igor, model: sysoev nginx, scope: eq, version: 1.0.14

Trust: 0.3

vendor: igor, model: sysoev nginx, scope: eq, version: 1.0.9

Trust: 0.3

vendor: igor, model: sysoev nginx, scope: eq, version: 1.0.8

Trust: 0.3

vendor: gentoo, model: linux, scope: -, version: -

Trust: 0.3

vendor: igor, model: sysoev nginx, scope: ne, version: 1.1.19

Trust: 0.3

vendor: igor, model: sysoev nginx, scope: ne, version: 1.0.15

Trust: 0.3

sources: BID: 52999 // JVNDB: JVNDB-2012-002087 // CNNVD: CNNVD-201204-276 // NVD: CVE-2012-2089

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2089
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-2089
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201204-276
value: HIGH

Trust: 0.6

VULHUB: VHN-55370
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-2089
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2012-2089
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-55370
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-55370 // JVNDB: JVNDB-2012-002087 // CNNVD: CNNVD-201204-276 // NVD: CVE-2012-2089

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-55370 // JVNDB: JVNDB-2012-002087 // NVD: CVE-2012-2089

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201204-276

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201204-276

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002087

PATCH

title: nginx security advisories, url: http://nginx.org/en/security_advisories.html

Trust: 0.8

title: nginx-1.0.15, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=42976

Trust: 0.6

title: nginx-1.1.19, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=42979

Trust: 0.6

title: nginx-1.1.19, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=42978

Trust: 0.6

title: nginx-1.0.15, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=42977

Trust: 0.6

sources: JVNDB: JVNDB-2012-002087 // CNNVD: CNNVD-201204-276

EXTERNAL IDS

db: NVD, id: CVE-2012-2089

Trust: 2.9

db: BID, id: 52999

Trust: 2.0

db: SECTRACK, id: 1026924

Trust: 1.7

db: OPENWALL, id: OSS-SECURITY/2012/04/12/9

Trust: 1.7

db: JVNDB, id: JVNDB-2012-002087

Trust: 0.8

db: CNNVD, id: CNNVD-201204-276

Trust: 0.7

db: PACKETSTORM, id: 114012

Trust: 0.2

db: VULHUB, id: VHN-55370

Trust: 0.1

sources: VULHUB: VHN-55370 // BID: 52999 // JVNDB: JVNDB-2012-002087 // PACKETSTORM: 114012 // CNNVD: CNNVD-201204-276 // NVD: CVE-2012-2089

REFERENCES

url:http://nginx.org/en/security_advisories.html

Trust: 2.0

url:http://www.securitytracker.com/id?1026924

Trust: 1.7

url:http://www.securityfocus.com/bid/52999

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2012-april/079388.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2012-may/079474.html

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2012-may/079467.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2012/04/12/9

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/74831

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2089

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2089

Trust: 0.8

url:http://nginx.org/

Trust: 0.3

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2089

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2089

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-201206-07.xml

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

sources: VULHUB: VHN-55370 // BID: 52999 // JVNDB: JVNDB-2012-002087 // PACKETSTORM: 114012 // CNNVD: CNNVD-201204-276 // NVD: CVE-2012-2089

CREDITS

Matthew Daley

Trust: 0.9

sources: BID: 52999 // CNNVD: CNNVD-201204-276

SOURCES

db: VULHUB, id: VHN-55370
db: BID, id: 52999
db: JVNDB, id: JVNDB-2012-002087
db: PACKETSTORM, id: 114012
db: CNNVD, id: CNNVD-201204-276
db: NVD, id: CVE-2012-2089

LAST UPDATE DATE

2024-08-14T14:14:37.342000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-55370, date: 2021-11-10T00:00:00
db: BID, id: 52999, date: 2015-04-13T21:21:00
db: JVNDB, id: JVNDB-2012-002087, date: 2012-04-19T00:00:00
db: CNNVD, id: CNNVD-201204-276, date: 2023-05-15T00:00:00
db: NVD, id: CVE-2012-2089, date: 2021-11-10T15:57:01.200

SOURCES RELEASE DATE

db: VULHUB, id: VHN-55370, date: 2012-04-17T00:00:00
db: BID, id: 52999, date: 2012-04-12T00:00:00
db: JVNDB, id: JVNDB-2012-002087, date: 2012-04-19T00:00:00
db: PACKETSTORM, id: 114012, date: 2012-06-21T15:33:40
db: CNNVD, id: CNNVD-201204-276, date: 2012-04-16T00:00:00
db: NVD, id: CVE-2012-2089, date: 2012-04-17T21:55:01.353