ID

VAR-201602-0392


CVE

CVE-2016-0746


TITLE

Denial-of-service (DoS) vulnerability in the nginx resolver

Trust: 0.8

sources: JVNDB: JVNDB-2016-001744

DESCRIPTION

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.

Supplementary information: the vulnerability type by CWE has been identified as CWE-416: Use-after-free (Use of freed memory).

nginx is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service conditions. There is a use-after-free vulnerability in the resolver of nginx versions prior to 1.8.1 and versions 1.9.x prior to 1.9.10.

These only affect nginx if the "resolver" directive is used in a configuration file.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.2.1-2.2+wheezy4.

For the stable distribution (jessie), these problems have been fixed in version 1.6.2-5+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 1.9.10-1.

For the unstable distribution (sid), these problems have been fixed in version 1.9.10-1.

We recommend that you upgrade your nginx packages.

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: rh-nginx18-nginx security update
Advisory ID:       RHSA-2016:1425-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2016:1425
Issue date:        2016-07-14
CVE Names:         CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-4450
=====================================================================

1. Summary:

An update for rh-nginx18-nginx is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Nginx is a web and proxy server with a focus on high concurrency, performance, and low memory usage.

The following packages have been upgraded to a newer upstream version: rh-nginx18-nginx (1.8.1).

Security Fix(es):

* A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. (CVE-2016-4450)

* It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. (CVE-2016-0742)

* A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. (CVE-2016-0746)

* It was discovered that nginx did not limit recursion when resolving CNAME DNS records. (CVE-2016-0747)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The rh-nginx18-nginx service must be restarted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1302587 - CVE-2016-0742 nginx: invalid pointer dereference in resolver
1302588 - CVE-2016-0746 nginx: use-after-free during CNAME response processing in resolver
1302589 - CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver
1341462 - CVE-2016-4450 nginx: NULL pointer dereference while writing client request body

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
rh-nginx18-nginx-1.8.1-1.el6.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):

Source:
rh-nginx18-nginx-1.8.1-1.el6.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7):

Source:
rh-nginx18-nginx-1.8.1-1.el6.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
rh-nginx18-nginx-1.8.1-1.el6.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el6.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-nginx18-nginx-1.8.1-1.el7.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.1):

Source:
rh-nginx18-nginx-1.8.1-1.el7.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.2):

Source:
rh-nginx18-nginx-1.8.1-1.el7.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-nginx18-nginx-1.8.1-1.el7.src.rpm

x86_64:
rh-nginx18-nginx-1.8.1-1.el7.x86_64.rpm
rh-nginx18-nginx-debuginfo-1.8.1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-0742
https://access.redhat.com/security/cve/CVE-2016-0746
https://access.redhat.com/security/cve/CVE-2016-0747
https://access.redhat.com/security/cve/CVE-2016-4450
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Gentoo Linux Security Advisory                           GLSA 201606-06
https://security.gentoo.org/

Severity: Normal
Title: nginx: Multiple vulnerabilities
Date: June 17, 2016
Bugs: #560854, #573046, #584744
ID: 201606-06

Synopsis
========

Multiple vulnerabilities have been found in nginx, the worst of which may allow a remote attacker to cause a Denial of Service.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-servers/nginx          < 1.10.1                    >= 1.10.1

Description
===========

Multiple vulnerabilities have been discovered in nginx. Please review the CVE identifiers referenced below for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All nginx users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.10.1"

References
==========

[ 1 ] CVE-2013-3587
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3587
[ 2 ] CVE-2016-0742
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0742
[ 3 ] CVE-2016-0746
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0746
[ 4 ] CVE-2016-0747
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0747
[ 5 ] CVE-2016-4450
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450
[ 6 ] CVE-2016-4450
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4450

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201606-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

============================================================================
Ubuntu Security Notice USN-2892-1
February 09, 2016

nginx vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.10
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in nginx. (CVE-2016-0747)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10:
  nginx-core      1.9.3-1ubuntu1.1
  nginx-extras    1.9.3-1ubuntu1.1
  nginx-full      1.9.3-1ubuntu1.1
  nginx-light     1.9.3-1ubuntu1.1

Ubuntu 14.04 LTS:
  nginx-core      1.4.6-1ubuntu3.4
  nginx-extras    1.4.6-1ubuntu3.4
  nginx-full      1.4.6-1ubuntu3.4
  nginx-light     1.4.6-1ubuntu3.4
  nginx-naxsi     1.4.6-1ubuntu3.4

In general, a standard system update will make all the necessary changes.

APPLE-SA-2021-09-20-4 Xcode 13

Xcode 13 addresses the following issues.

IDE Xcode Server
Available for: macOS Big Sur 11.3 and later
Impact: Multiple issues in nginx
Description: Multiple issues were addressed by updating nginx to version 1.21.0.
CVE-2016-0742
CVE-2016-0746
CVE-2016-0747
CVE-2017-7529
CVE-2018-16843
CVE-2018-16844
CVE-2018-16845
CVE-2019-20372

Installation note:

Xcode 13 may be obtained from: https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "Xcode 13"

Trust: 2.52

sources: NVD: CVE-2016-0746 // JVNDB: JVNDB-2016-001744 // BID: 82230 // VULHUB: VHN-88256 // VULMON: CVE-2016-0746 // PACKETSTORM: 135738 // PACKETSTORM: 137908 // PACKETSTORM: 137518 // PACKETSTORM: 135684 // PACKETSTORM: 164240

AFFECTED PRODUCTS

vendor: opensuse, model: leap, scope: eq, version: 42.1

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 8.0

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 7.0

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 14.04

Trust: 1.0

vendor: f5, model: nginx, scope: gte, version: 1.9.0

Trust: 1.0

vendor: f5, model: nginx, scope: lt, version: 1.9.10

Trust: 1.0

vendor: f5, model: nginx, scope: gte, version: 0.6.18

Trust: 1.0

vendor: apple, model: xcode, scope: lt, version: 13.0

Trust: 1.0

vendor: f5, model: nginx, scope: lte, version: 1.8.0

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 15.10

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.0

vendor: nginx, model: nginx, scope: eq, version: 1.9.9

Trust: 0.9

vendor: igor sysoev, model: nginx, scope: eq, version: 1.9.10

Trust: 0.8

vendor: igor sysoev, model: nginx, scope: lt, version: 1.9.x

Trust: 0.8

vendor: novell, model: leap, scope: eq, version: 42.1

Trust: 0.8

vendor: canonical, model: ubuntu, scope: eq, version: 15.10

Trust: 0.8

vendor: canonical, model: ubuntu, scope: eq, version: 14.04 lts

Trust: 0.8

vendor: debian, model: gnu/linux, scope: eq, version: 8.0

Trust: 0.8

vendor: nginx, model: nginx, scope: eq, version: 1.9.4

Trust: 0.6

vendor: nginx, model: nginx, scope: eq, version: 1.9.2

Trust: 0.6

vendor: nginx, model: nginx, scope: eq, version: 1.9.8

Trust: 0.6

vendor: nginx, model: nginx, scope: eq, version: 1.9.6

Trust: 0.6

vendor: nginx, model: nginx, scope: eq, version: 1.9.1

Trust: 0.6

vendor: nginx, model: nginx, scope: eq, version: 1.9.0

Trust: 0.6

vendor: nginx, model: nginx, scope: eq, version: 1.9.5

Trust: 0.6

vendor: nginx, model: nginx, scope: eq, version: 1.9.7

Trust: 0.6

vendor: nginx, model: nginx, scope: eq, version: 1.9.3

Trust: 0.6

vendor: nginx, model: nginx, scope: eq, version: 1.3.16

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.15

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.14

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.11

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.18

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.17

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 0.6.18

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.6.1

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.6.0

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.5.9

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.5.8

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.5.7

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.5.6

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.5.5

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.5.4

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.5.2

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.5.12

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.5.11

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.5.10

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.5.1

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.5.0

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.4.3

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.4.1

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.9

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.8

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.7

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.6

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.5

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.4

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.3

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.2

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.13

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.12

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.10

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.3.0

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.9

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.8

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.7

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.6

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.5

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.4

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.3

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.2

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.19

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.16

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.15

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.14

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.13

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.12

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.11

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.1

Trust: 0.3

vendor: nginx, model: nginx, scope: eq, version: 1.1.0

Trust: 0.3

vendor: ibm, model: powerkvm, scope: eq, version: 3.1

Trust: 0.3

vendor: ibm, model: powerkvm, scope: eq, version: 2.1

Trust: 0.3

vendor: debian, model: linux sparc, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux s/390, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux powerpc, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux mips, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux ia-64, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux ia-32, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux arm, scope: eq, version: 6.0

Trust: 0.3

vendor: debian, model: linux amd64, scope: eq, version: 6.0

Trust: 0.3

vendor: nginx, model: nginx, scope: ne, version: 1.9.10

Trust: 0.3

vendor: nginx, model: nginx, scope: ne, version: 1.8.1

Trust: 0.3

sources: BID: 82230 // JVNDB: JVNDB-2016-001744 // CNNVD: CNNVD-201602-058 // NVD: CVE-2016-0746

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0746
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-0746
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201602-058
value: CRITICAL

Trust: 0.6

VULHUB: VHN-88256
value: HIGH

Trust: 0.1

VULMON: CVE-2016-0746
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0746
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-88256
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0746
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-88256 // VULMON: CVE-2016-0746 // JVNDB: JVNDB-2016-001744 // CNNVD: CNNVD-201602-058 // NVD: CVE-2016-0746

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-88256 // JVNDB: JVNDB-2016-001744 // NVD: CVE-2016-0746

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 137908 // PACKETSTORM: 137518 // PACKETSTORM: 135684 // CNNVD: CNNVD-201602-058

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201602-058

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001744

PATCH

title: DSA-3473
url: http://www.debian.org/security/2016/dsa-3473

Trust: 0.8

title: openSUSE-SU-2016:0371
url: http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html

Trust: 0.8

title: Bug 1302588
url: https://bugzilla.redhat.com/show_bug.cgi?id=1302588

Trust: 0.8

title: USN-2892-1
url: http://www.ubuntu.com/usn/USN-2892-1/

Trust: 0.8

title: CVE-2016-0742, CVE-2016-0746, CVE-2016-0747
url: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html

Trust: 0.8

title: nginx resolver Remediation measures for reusing vulnerabilities after release
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=60055

Trust: 0.6

title: Ubuntu Security Notice: nginx vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2892-1

Trust: 0.1

title: Red Hat: CVE-2016-0746
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2016-0746

Trust: 0.1

title: Debian CVElist Bug Report Logs: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=10ec4e6c24845a17d787b01f883e17a7

Trust: 0.1

title: Amazon Linux AMI: ALAS-2016-655
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-655

Trust: 0.1

title: Symantec Security Advisories: SA115 : Multiple nginx DNS resolver vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=4df1d4c41a5a305df81d1cff15b6d5a3

Trust: 0.1

sources: VULMON: CVE-2016-0746 // JVNDB: JVNDB-2016-001744 // CNNVD: CNNVD-201602-058

EXTERNAL IDS

db: NVD, id: CVE-2016-0746

Trust: 3.4

db: SECTRACK, id: 1034869

Trust: 1.8

db: JVNDB, id: JVNDB-2016-001744

Trust: 0.8

db: CNNVD, id: CNNVD-201602-058

Trust: 0.7

db: PACKETSTORM, id: 164240

Trust: 0.7

db: AUSCERT, id: ESB-2021.3157

Trust: 0.6

db: BID, id: 82230

Trust: 0.4

db: VULHUB, id: VHN-88256

Trust: 0.1

db: VULMON, id: CVE-2016-0746

Trust: 0.1

db: PACKETSTORM, id: 135738

Trust: 0.1

db: PACKETSTORM, id: 137908

Trust: 0.1

db: PACKETSTORM, id: 137518

Trust: 0.1

db: PACKETSTORM, id: 135684

Trust: 0.1

sources: VULHUB: VHN-88256 // VULMON: CVE-2016-0746 // BID: 82230 // JVNDB: JVNDB-2016-001744 // PACKETSTORM: 135738 // PACKETSTORM: 137908 // PACKETSTORM: 137518 // PACKETSTORM: 135684 // PACKETSTORM: 164240 // CNNVD: CNNVD-201602-058 // NVD: CVE-2016-0746

REFERENCES

url:https://security.gentoo.org/glsa/201606-06

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2016:1425

Trust: 1.9

url:http://www.ubuntu.com/usn/usn-2892-1

Trust: 1.9

url:https://bto.bluecoat.com/security-advisory/sa115

Trust: 1.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=1302588

Trust: 1.8

url:https://support.apple.com/kb/ht212818

Trust: 1.8

url:http://www.debian.org/security/2016/dsa-3473

Trust: 1.8

url:http://seclists.org/fulldisclosure/2021/sep/36

Trust: 1.8

url:http://mailman.nginx.org/pipermail/nginx/2016-january/049700.html

Trust: 1.8

url:http://www.securitytracker.com/id/1034869

Trust: 1.8

url:http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0746

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0746

Trust: 0.8

url:https://support.apple.com/en-us/ht212818

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3157

Trust: 0.6

url:https://packetstormsecurity.com/files/164240/apple-security-advisory-2021-09-20-4.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2016-0746

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-0747

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-0742

Trust: 0.5

url:http://nginx.org/

Trust: 0.3

url:http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.10431541.1444954692.1454065053

Trust: 0.3

url:http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.85903129.1444954692.1454065053

Trust: 0.3

url:http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html?_ga=1.107423490.1444954692.1454065053

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=isg3t1024237

Trust: 0.3

url:https://support.asperasoft.com/hc/en-us/articles/229846687-security-bulletin-multiple-vulnerabilities-with-the-nginx-web-server-used-in-ibm-aspera-shares-1-9-2-earlier

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2016-4450

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/2892-1/

Trust: 0.1

url:https://www.securityfocus.com/bid/82230

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0742

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0747

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-0746

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4450

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3587

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0746

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4450

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0747

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0742

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nginx/1.4.6-1ubuntu3.4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nginx/1.9.3-1ubuntu1.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20372

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16843

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16845

Trust: 0.1

url:https://developer.apple.com/xcode/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16844

Trust: 0.1

url:https://support.apple.com/ht212818.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-7529

Trust: 0.1

sources: VULHUB: VHN-88256 // VULMON: CVE-2016-0746 // BID: 82230 // JVNDB: JVNDB-2016-001744 // PACKETSTORM: 135738 // PACKETSTORM: 137908 // PACKETSTORM: 137518 // PACKETSTORM: 135684 // PACKETSTORM: 164240 // CNNVD: CNNVD-201602-058 // NVD: CVE-2016-0746

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 82230

SOURCES

db: VULHUB, id: VHN-88256
db: VULMON, id: CVE-2016-0746
db: BID, id: 82230
db: JVNDB, id: JVNDB-2016-001744
db: PACKETSTORM, id: 135738
db: PACKETSTORM, id: 137908
db: PACKETSTORM, id: 137518
db: PACKETSTORM, id: 135684
db: PACKETSTORM, id: 164240
db: CNNVD, id: CNNVD-201602-058
db: NVD, id: CVE-2016-0746

LAST UPDATE DATE

2024-08-14T13:02:59.036000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-88256, date: 2021-11-10T00:00:00
db: VULMON, id: CVE-2016-0746, date: 2021-09-22T00:00:00
db: BID, id: 82230, date: 2016-10-26T00:01:00
db: JVNDB, id: JVNDB-2016-001744, date: 2016-03-17T00:00:00
db: CNNVD, id: CNNVD-201602-058, date: 2023-05-15T00:00:00
db: NVD, id: CVE-2016-0746, date: 2021-12-16T18:43:07.100

SOURCES RELEASE DATE

db: VULHUB, id: VHN-88256, date: 2016-02-15T00:00:00
db: VULMON, id: CVE-2016-0746, date: 2016-02-15T00:00:00
db: BID, id: 82230, date: 2016-01-29T00:00:00
db: JVNDB, id: JVNDB-2016-001744, date: 2016-03-17T00:00:00
db: PACKETSTORM, id: 135738, date: 2016-02-12T19:22:00
db: PACKETSTORM, id: 137908, date: 2016-07-14T20:08:00
db: PACKETSTORM, id: 137518, date: 2016-06-17T23:50:23
db: PACKETSTORM, id: 135684, date: 2016-02-10T03:55:35
db: PACKETSTORM, id: 164240, date: 2021-09-22T16:28:58
db: CNNVD, id: CNNVD-201602-058, date: 2016-01-29T00:00:00
db: NVD, id: CVE-2016-0746, date: 2016-02-15T19:59:01.157