ID

VAR-201307-0482


CVE

CVE-2013-2070


TITLE

nginx of http/modules/ngx_http_proxy_module.c Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-003474

DESCRIPTION

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028. Nginx is prone to a remote security vulnerability. Attackers can exploit this issue to a cause a denial-of-service condition or obtain sensitive information. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: nginx: Multiple vulnerabilities Date: October 06, 2013 Bugs: #458726, #468870 ID: 201310-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code. Background ========== nginx is a robust, small, and high performance HTTP and reverse proxy server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/nginx < 1.4.1-r2 >= 1.4.1-r2 Description =========== Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All nginx users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2" References ========== [ 1 ] CVE-2013-0337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337 [ 2 ] CVE-2013-2028 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028 [ 3 ] CVE-2013-2070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201310-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2721-1 security@debian.org http://www.debian.org/security/ Nico Golde July 07, 2013 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2013-2070 Debian Bug : 708164 A buffer overflow has been identified in nginx, a small, powerful, scalable web/proxy server, when processing certain chunked transfer encoding requests if proxy_pass to untrusted upstream HTTP servers is used. The oldstable distribution (squeeze), is not affected by this problem. For the stable distribution (wheezy), this problem has been fixed in version 1.2.1-2.2+wheezy1. For the unstable distribution (sid), this problem has been fixed in version 1.4.1-1. We recommend that you upgrade your nginx packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJR2ZOuAAoJEM1LKvOgoKqqTjsQAMKVFfBMx5Xu6XB6jXXM+2CL +m0TyjQp9oKTlTkZpE18fbQviCVk+A1jZZbHdEZlJnEdy0XvXvJpaN6DiNi10IVi kRQkMBtusXI7Bshh4Z/xWh6on9s//06mQzQzymnMQfcKDcg91Z159xPYi86mlxH5 dnf9/XirRwCokM5PI8duw1YJg2aMUpr5wYi14LVpC93ic5UoL3olwtbWcIAJy6VP auORGQLFTUCljpyEtZXku8mD168RnSubP6FZGRfar3JvywBX4MgK/+KnGXuZKZ6H MNDgVrb8hrkzQJQWvycZjhYUhurqSkR17VgJnwiyHxOxP9Sw6adWoH5aRGwoklhH 0d48CMlunJFvYtFEY8rQqiXBLAyZ09CnrEwgQa3hlugGWkRPVxnKmaghOwXZNXez o8RjCYEOdD2BppUc8RJZYz3UYq+WdVKv499HcgKGscol9aJ8XCYoq/G67697EaPF NUFaL3ApZ7rGiuUsx82FujIRs2rjuvQTe9Wiz2jRh0/BjuKarL/TG3r3SVD5/nDX 6j4ngF8eFDmf2ZfxQM1/Ug2ReO+gglnVZyYy4Kn/fxTTwFMLvznR+2lygAJQs/aM CsRN7KQhDdL1FgELvapLYyfcweeq41NJGwIvD7y3O7JKAlO44IO3XcvdAOHWLY2f 8xcpghy474tAclbQPQUi =4eCV -----END PGP SIGNATURE-----

Trust: 2.16

sources: NVD: CVE-2013-2070 // JVNDB: JVNDB-2013-003474 // BID: 59824 // VULHUB: VHN-62072 // PACKETSTORM: 123516 // PACKETSTORM: 122319

AFFECTED PRODUCTS

vendor:f5model:nginxscope:lteversion:1.4.0

Trust: 1.0

vendor:f5model:nginxscope:gteversion:1.1.4

Trust: 1.0

vendor:f5model:nginxscope:gteversion:1.3.9

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:6.0

Trust: 1.0

vendor:f5model:nginxscope:lteversion:1.2.8

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:igor sysoevmodel:nginxscope:eqversion:1.1.4 to 1.2.8

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:eqversion:1.3.0 to 1.4.0

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:eqversion:1.1.12

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.1.19

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.1.15

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.1.13

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.1.18

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.1.17

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.1.7

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.1.8

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.1.16

Trust: 0.6

vendor:igor sysoevmodel:nginxscope:eqversion:1.1.11

Trust: 0.6

vendor:igormodel:sysoev nginxscope:eqversion:1.4.4

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.3.9

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.3.1

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.3

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.2.1

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.2

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.1.17

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.0.14

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.0.10

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.0.9

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.0.8

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.1.19

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:1.0.15

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

sources: BID: 59824 // JVNDB: JVNDB-2013-003474 // CNNVD: CNNVD-201305-235 // NVD: CVE-2013-2070

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2070
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-2070
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201305-235
value: MEDIUM

Trust: 0.6

VULHUB: VHN-62072
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-2070
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-62072
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-62072 // JVNDB: JVNDB-2013-003474 // CNNVD: CNNVD-201305-235 // NVD: CVE-2013-2070

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-62072 // JVNDB: JVNDB-2013-003474 // NVD: CVE-2013-2070

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-235

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201305-235

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003474

PATCH

title:FEDORA-2013-8182url:https://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html

Trust: 0.8

title:GLSA 201310-04url:http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml

Trust: 0.8

title:Top Pageurl:http://nginx.org/ja/

Trust: 0.8

title:Bug 962525url:https://bugzilla.redhat.com/show_bug.cgi?id=962525

Trust: 0.8

title:CVE-2013-2028url:http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html

Trust: 0.8

title:Nginx Fixes for permissions and access control issues vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=134169

Trust: 0.6

sources: JVNDB: JVNDB-2013-003474 // CNNVD: CNNVD-201305-235

EXTERNAL IDS

db:NVDid:CVE-2013-2070

Trust: 3.0

db:BIDid:59824

Trust: 2.0

db:OPENWALLid:OSS-SECURITY/2013/05/13/3

Trust: 1.7

db:SECUNIAid:55181

Trust: 1.7

db:JVNDBid:JVNDB-2013-003474

Trust: 0.8

db:CNNVDid:CNNVD-201305-235

Trust: 0.7

db:PACKETSTORMid:122319

Trust: 0.2

db:SEEBUGid:SSVID-60786

Trust: 0.1

db:VULHUBid:VHN-62072

Trust: 0.1

db:PACKETSTORMid:123516

Trust: 0.1

sources: VULHUB: VHN-62072 // BID: 59824 // JVNDB: JVNDB-2013-003474 // PACKETSTORM: 123516 // PACKETSTORM: 122319 // CNNVD: CNNVD-201305-235 // NVD: CVE-2013-2070

REFERENCES

url:http://security.gentoo.org/glsa/glsa-201310-04.xml

Trust: 1.8

url:http://secunia.com/advisories/55181

Trust: 1.7

url:http://www.securityfocus.com/bid/59824

Trust: 1.7

url:http://www.debian.org/security/2013/dsa-2721

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2013-may/105950.html

Trust: 1.7

url:http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html

Trust: 1.7

url:http://seclists.org/oss-sec/2013/q2/291

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2013/05/13/3

Trust: 1.7

url:http://nginx.org/download/patch.2013.proxy.txt

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=962525

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/84172

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2070

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2070

Trust: 0.8

url:http://nginx.org/

Trust: 0.3

url:http://seclists.org/oss-sec/2013/q2/315

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2070

Trust: 0.2

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0337

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0337

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2028

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2070

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2028

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

sources: VULHUB: VHN-62072 // BID: 59824 // JVNDB: JVNDB-2013-003474 // PACKETSTORM: 123516 // PACKETSTORM: 122319 // CNNVD: CNNVD-201305-235 // NVD: CVE-2013-2070

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 59824

SOURCES

db:VULHUBid:VHN-62072
db:BIDid:59824
db:JVNDBid:JVNDB-2013-003474
db:PACKETSTORMid:123516
db:PACKETSTORMid:122319
db:CNNVDid:CNNVD-201305-235
db:NVDid:CVE-2013-2070

LAST UPDATE DATE

2024-08-14T12:21:22.850000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-62072date:2021-11-10T00:00:00
db:BIDid:59824date:2015-04-13T22:23:00
db:JVNDBid:JVNDB-2013-003474date:2013-11-29T00:00:00
db:CNNVDid:CNNVD-201305-235date:2023-05-15T00:00:00
db:NVDid:CVE-2013-2070date:2021-11-10T15:59:33.600

SOURCES RELEASE DATE

db:VULHUBid:VHN-62072date:2013-07-20T00:00:00
db:BIDid:59824date:2013-05-13T00:00:00
db:JVNDBid:JVNDB-2013-003474date:2013-07-23T00:00:00
db:PACKETSTORMid:123516date:2013-10-07T22:29:42
db:PACKETSTORMid:122319date:2013-07-08T19:34:00
db:CNNVDid:CNNVD-201305-235date:2013-05-14T00:00:00
db:NVDid:CVE-2013-2070date:2013-07-20T03:37:25.247