Description

Greg MacManus, of iSIGHT Partners Labs, found a security problem in several recent versions of nginx. A stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting in arbitrary code execution (CVE-2013-2028).

The problem affects nginx 1.3.9 - 1.4.0.
The problem is fixed in nginx 1.5.0, 1.4.1.

Remediation

Patch for the problem can be found here:
http://nginx.org/download/patch.2013.chunked.txt

As a temporary workaround the following configuration can be used in each server{} block:

    if ($http_transfer_encoding ~* chunked) {
        return 444;
    }

References

nginx security advisory (CVE-2013-2028)

Related Vulnerabilities

Oracle Application Server CVE-2008-7233 Vulnerability (CVE-2008-7233)

IBM RTC Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-29844)

Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1297)

WordPress Plugin Checkout Field Editor for WooCommerce (Pro) Arbitrary File Deletion (3.6.2)

OpenSSL Resource Management Errors Vulnerability (CVE-2012-0027)

Severity

High

Classification

CVE-2013-2028 CWE-189 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities Missing Update Buffer Overflow Code Execution