nginx 1.0.7 - 1.0.14 / 1.1.3 - 1.1.18 ngx_http_mp4_module Buffer Overflow

medium Nessus Plugin ID 58750

Synopsis

The web server on the remote host is affected by a buffer overflow vulnerability.

Description

The remote web server is running nginx, a lightweight, high-performance web server / reverse proxy and email (IMAP/POP3) proxy.

According to its Server response header, the installed version of nginx is between 1.0.7 and 1.0.14 or 1.1.3 and 1.1.18 and is, therefore, affected by a buffer overflow vulnerability.

An error in the module 'ngx_http_mp4_module' can allow a specially crafted mp4 file to cause a buffer overflow and can potentially allow arbitrary code execution.

Note that successful exploitation requires that the 'mp4' configuration option is enabled and the module 'ngx_http_mp4_module' is enabled. Nessus has not checked for either of these settings.
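The plugin only matches the version in the Server header, so a finding still needs the two conditions above confirmed on the host. The following triage sketch is an added example, not part of the Nessus plugin: it assumes you pass in the Server header value, the output of `nginx -V`, and the text of the configuration file. The function names and sample inputs are constructed for illustration, and `include` directives are not followed.

```python
import re

# Inclusive affected ranges, taken from the advisory text.
AFFECTED = [((1, 0, 7), (1, 0, 14)), ((1, 1, 3), (1, 1, 18))]

# Constructed sample inputs (not captured from a real host).
SAMPLE_NGINX_V = ("nginx version: nginx/1.0.12\n"
                  "configure arguments: --prefix=/etc/nginx --with-http_mp4_module\n")
SAMPLE_CONF = """
server {
    location ~ \\.mp4$ {
        # mp4;  (commented-out copy, must be ignored)
        mp4;
        mp4_buffer_size 1m;
    }
}
"""

def parse_server_header(value):
    """Return (major, minor, patch), or None when no version is disclosed."""
    m = re.match(r"\s*nginx/(\d+)\.(\d+)\.(\d+)", value or "")
    return tuple(int(x) for x in m.groups()) if m else None

def version_affected(version):
    return any(lo <= version <= hi for lo, hi in AFFECTED)

def module_compiled(nginx_v_output):
    """The mp4 module is not built by default; look for its configure flag."""
    return "--with-http_mp4_module" in nginx_v_output

def mp4_directive_enabled(config_text):
    """True if an uncommented 'mp4;' directive is present (includes not followed)."""
    for line in config_text.splitlines():
        code = line.split("#", 1)[0]  # drop trailing comment
        if re.search(r"(^|[\s{;])mp4\s*;", code):
            return True
    return False

def triage(server_header, nginx_v_output, config_text):
    version = parse_server_header(server_header)
    if version is None:
        return "unknown: Server header discloses no version"
    if not version_affected(version):
        return "not affected: version outside both ranges"
    if not module_compiled(nginx_v_output):
        return "affected version, but mp4 module not compiled in"
    if not mp4_directive_enabled(config_text):
        return "affected version, module built, mp4 directive not enabled"
    return "exposed: upgrade to 1.0.15 / 1.1.19 or later"
```

Note that `nginx -V` writes to standard error, so capture it with `2>&1` before passing it in.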

Solution

Upgrade to version 1.0.15 / 1.1.19 or later.

See Also

http://nginx.net/CHANGES

http://nginx.org/en/CHANGES-1.0

http://nginx.org/en/security_advisories.html

Plugin Details

Severity: Medium

ID: 58750

File Name: nginx_1_0_15.nasl

Version: 1.17

Type: combined

Agent: unix

Family: Web Servers

Published: 4/13/2012

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2012-2089

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:nginx:nginx

Required KB Items: installed_sw/nginx

Exploit Ease: No known exploits are available

Patch Publication Date: 4/12/2012

Vulnerability Publication Date: 4/12/2012

Reference Information

CVE: CVE-2012-2089

BID: 52999