Nginx Chunked Transfer Encoding Stack Based Buffer Overflow Vulnerability Network Vulnerability

Summary

The host is running Nginx and is prone stack buffer overflow vulnerability.

Impact

Successful exploitation will let the remote unauthenticated attackers to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. Impact Level: System/Application

Solution

Upgrade to Nginx version 1.5.0, 1.4.1 or later, http://nginx.org/

Insight

A stack-based buffer overflow will occur in a worker process while handling certain chunked transfer encoding requests.

Affected

Nginx version 1.3.9 through 1.4.0

References

http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html
http://packetstormsecurity.com/files/121675
http://seclists.org/oss-sec/2013/q2/291
http://www.exploit-db.com/exploits/25499

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-2028
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apple Safari 'CSS' Buffer Overflow Vulnerability (Win) - Dec09
CCProxy CONNECTION Request Buffer Overflow Vulnerability
Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability
Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Windows)
Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Mac OS X)

Take action and discover your vulnerabilities