ID

VAR-201307-0483


CVE

CVE-2013-2028


TITLE

Denial-of-service (DoS) vulnerability in http/ngx_http_parse.c of nginx

Trust: 0.8

sources: JVNDB: JVNDB-2013-003473

DESCRIPTION

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.

nginx is prone to a stack-based buffer-overflow vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. The issue is fixed in nginx 1.4.1 and 1.5.0.

nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. A denial of service vulnerability exists in the 'ngx_http_parse_chunked' function in http/ngx_http_parse.c in nginx versions 1.3.9 to 1.4.0.

Gentoo Linux Security Advisory GLSA 201310-04
http://security.gentoo.org/

Severity: Normal
Title: nginx: Multiple vulnerabilities
Date: October 06, 2013
Bugs: #458726, #468870
ID: 201310-04

Synopsis
========

Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.

Background
==========

nginx is a robust, small, and high performance HTTP and reverse proxy server.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-servers/nginx          < 1.4.1-r2                 >= 1.4.1-r2

Description
===========

Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could send a specially crafted request, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Furthermore, a context-dependent attacker may be able to obtain sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All nginx users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.1-r2"

References
==========

[ 1 ] CVE-2013-0337
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0337
[ 2 ] CVE-2013-2028
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028
[ 3 ] CVE-2013-2070
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201310-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

From: Maxim Dounin mdounin at mdounin.ru
Tue May 7 11:30:26 UTC 2013

Hello!

Greg MacManus, of iSIGHT Partners Labs, found a security problem in several recent versions of nginx.

Patch for the problem can be found here:

http://nginx.org/download/patch.2013.chunked.txt

As a temporary workaround the following configuration can be used in each server{} block:

    if ($http_transfer_encoding ~* chunked) {
        return 444;
    }

--
Maxim Dounin
http://nginx.org/en/donation.html

Trust: 2.25

sources: NVD: CVE-2013-2028 // JVNDB: JVNDB-2013-003473 // BID: 59699 // VULHUB: VHN-62030 // VULMON: CVE-2013-2028 // PACKETSTORM: 123516 // PACKETSTORM: 121560

AFFECTED PRODUCTS

vendor: f5, model: nginx, scope: lte, version: 1.4.0

Trust: 1.0

vendor: f5, model: nginx, scope: gte, version: 1.3.9

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 19

Trust: 1.0

vendor: igor sysoev, model: nginx, scope: eq, version: 1.3.9 to 1.4.0

Trust: 0.8

vendor: nginx, model: nginx, scope: eq, version: 1.3.9

Trust: 0.6

vendor: igor sysoev, model: nginx, scope: eq, version: 1.3.9

Trust: 0.6

vendor: igor sysoev, model: nginx, scope: eq, version: 1.4.0

Trust: 0.6

vendor: nginx, model: nginx, scope: eq, version: 1.4.0

Trust: 0.6

vendor: igor, model: sysoev nginx, scope: eq, version: 1.4.4

Trust: 0.3

vendor: igor, model: sysoev nginx, scope: eq, version: 1.3.9

Trust: 0.3

vendor: gentoo, model: linux, scope: -, version: -

Trust: 0.3

vendor: igor, model: sysoev nginx, scope: ne, version: 1.5.7

Trust: 0.3

vendor: igor, model: sysoev nginx, scope: ne, version: 1.4.1

Trust: 0.3

sources: BID: 59699 // JVNDB: JVNDB-2013-003473 // CNNVD: CNNVD-201305-143 // NVD: CVE-2013-2028

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2028
value: HIGH

Trust: 1.0

NVD: CVE-2013-2028
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201305-143
value: HIGH

Trust: 0.6

VULHUB: VHN-62030
value: HIGH

Trust: 0.1

VULMON: CVE-2013-2028
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-2028
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-62030
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-62030 // VULMON: CVE-2013-2028 // JVNDB: JVNDB-2013-003473 // CNNVD: CNNVD-201305-143 // NVD: CVE-2013-2028

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-189

Trust: 0.9

sources: VULHUB: VHN-62030 // JVNDB: JVNDB-2013-003473 // NVD: CVE-2013-2028

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-143

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201305-143

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003473

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-62030 // VULMON: CVE-2013-2028

PATCH

title: GLSA 201310-04, url: http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml

Trust: 0.8

title: Top Page, url: http://nginx.org/ja/

Trust: 0.8

title: CVE-2013-2028, url: http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html

Trust: 0.8

title: nginx 'ngx_http_parse.c' Repair measures for stack buffer error vulnerability, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=134168

Trust: 0.6

title: nginxpwn, url: https://github.com/kitctf/nginxpwn

Trust: 0.1

title: hack4career, url: https://github.com/mertsarica/hack4career

Trust: 0.1

title: docker-cve-2013-2028, url: https://github.com/mambroziak/docker-cve-2013-2028

Trust: 0.1

title: nginx-1.4.0, url: https://github.com/danghvu/nginx-1.4.0

Trust: 0.1

title: zeus-software-security, url: https://github.com/alexgeunholee/zeus-software-security

Trust: 0.1

title: nginxhack, url: https://github.com/jptr218/nginxhack

Trust: 0.1

title: non-controlflow-hijacking-datasets, url: https://github.com/camel-clarkson/non-controlflow-hijacking-datasets

Trust: 0.1

title: exploit-development-case-studies, url: https://github.com/dyjakan/exploit-development-case-studies

Trust: 0.1

title: LinuxFlaw, url: https://github.com/mudongliang/LinuxFlaw

Trust: 0.1

sources: VULMON: CVE-2013-2028 // JVNDB: JVNDB-2013-003473 // CNNVD: CNNVD-201305-143

EXTERNAL IDS

db: NVD, id: CVE-2013-2028

Trust: 3.1

db: BID, id: 59699

Trust: 2.1

db: PACKETSTORM, id: 121675

Trust: 1.8

db: SECUNIA, id: 55181

Trust: 1.8

db: OSVDB, id: 93037

Trust: 1.8

db: JVNDB, id: JVNDB-2013-003473

Trust: 0.8

db: CNNVD, id: CNNVD-201305-143

Trust: 0.7

db: PACKETSTORM, id: 121560

Trust: 0.2

db: EXPLOIT-DB, id: 25499

Trust: 0.2

db: PACKETSTORM, id: 125758

Trust: 0.1

db: PACKETSTORM, id: 121712

Trust: 0.1

db: PACKETSTORM, id: 122477

Trust: 0.1

db: EXPLOIT-DB, id: 26737

Trust: 0.1

db: EXPLOIT-DB, id: 25775

Trust: 0.1

db: EXPLOIT-DB, id: 32277

Trust: 0.1

db: SEEBUG, id: SSVID-85572

Trust: 0.1

db: SEEBUG, id: SSVID-79430

Trust: 0.1

db: SEEBUG, id: SSVID-79160

Trust: 0.1

db: SEEBUG, id: SSVID-80363

Trust: 0.1

db: VULHUB, id: VHN-62030

Trust: 0.1

db: VULMON, id: CVE-2013-2028

Trust: 0.1

db: PACKETSTORM, id: 123516

Trust: 0.1

sources: VULHUB: VHN-62030 // VULMON: CVE-2013-2028 // BID: 59699 // JVNDB: JVNDB-2013-003473 // PACKETSTORM: 123516 // PACKETSTORM: 121560 // CNNVD: CNNVD-201305-143 // NVD: CVE-2013-2028

REFERENCES

url:http://www.securityfocus.com/bid/59699

Trust: 1.9

url:http://security.gentoo.org/glsa/glsa-201310-04.xml

Trust: 1.9

url:http://nginx.org/download/patch.2013.chunked.txt

Trust: 1.9

url:http://lists.fedoraproject.org/pipermail/package-announce/2013-may/105176.html

Trust: 1.8

url:http://packetstormsecurity.com/files/121675/nginx-1.3.9-1.4.0-denial-of-service.html

Trust: 1.8

url:http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/

Trust: 1.8

url:https://github.com/rapid7/metasploit-framework/pull/1834

Trust: 1.8

url:http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html

Trust: 1.8

url:http://www.osvdb.org/93037

Trust: 1.8

url:http://secunia.com/advisories/55181

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2028

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2028

Trust: 0.8

url:http://nginx.org/

Trust: 0.3

url:http://int3pids.blogspot.com.es/2013/07/nginx-reliable-explotation-through.html

Trust: 0.3

url:http://seclists.org/oss-sec/2013/q2/290

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2013-2028

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://github.com/kitctf/nginxpwn

Trust: 0.1

url:https://www.exploit-db.com/exploits/25499/

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2070

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0337

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0337

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2028

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2070

Trust: 0.1

url:http://nginx.org/en/donation.html

Trust: 0.1

sources: VULHUB: VHN-62030 // VULMON: CVE-2013-2028 // BID: 59699 // JVNDB: JVNDB-2013-003473 // PACKETSTORM: 123516 // PACKETSTORM: 121560 // CNNVD: CNNVD-201305-143 // NVD: CVE-2013-2028

CREDITS

Greg MacManus of iSIGHT Partners Labs

Trust: 0.9

sources: BID: 59699 // CNNVD: CNNVD-201305-143

SOURCES

db: VULHUB, id: VHN-62030
db: VULMON, id: CVE-2013-2028
db: BID, id: 59699
db: JVNDB, id: JVNDB-2013-003473
db: PACKETSTORM, id: 123516
db: PACKETSTORM, id: 121560
db: CNNVD, id: CNNVD-201305-143
db: NVD, id: CVE-2013-2028

LAST UPDATE DATE

2024-08-14T12:12:49.260000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-62030, date: 2021-11-10T00:00:00
db: VULMON, id: CVE-2013-2028, date: 2021-11-10T00:00:00
db: BID, id: 59699, date: 2015-04-13T21:40:00
db: JVNDB, id: JVNDB-2013-003473, date: 2013-11-12T00:00:00
db: CNNVD, id: CNNVD-201305-143, date: 2023-05-15T00:00:00
db: NVD, id: CVE-2013-2028, date: 2021-11-10T15:59:33.553

SOURCES RELEASE DATE

db: VULHUB, id: VHN-62030, date: 2013-07-20T00:00:00
db: VULMON, id: CVE-2013-2028, date: 2013-07-20T00:00:00
db: BID, id: 59699, date: 2013-05-07T00:00:00
db: JVNDB, id: JVNDB-2013-003473, date: 2013-07-23T00:00:00
db: PACKETSTORM, id: 123516, date: 2013-10-07T22:29:42
db: PACKETSTORM, id: 121560, date: 2013-05-08T02:43:02
db: CNNVD, id: CNNVD-201305-143, date: 2013-05-14T00:00:00
db: NVD, id: CVE-2013-2028, date: 2013-07-20T03:37:20.730