SB2021060241 - Fedora EPEL 7 update for nginx

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021060241

SB2021060241 - Fedora EPEL 7 update for nginx

Published: June 2, 2021

Security Bulletin ID SB2021060241
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2016-1247)

The vulnerability allows a local user to gain elevated privileges on the target system.
The weakness is due to improper handling of log file permissions in the '/var/log/nginx' directory by nginx packages. A locall attacker with 'www-data' user privileges can obtain root privileges on the target system.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.

2) Off-by-one (CVE-ID: CVE-2021-23017)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error within the ngx_resolver_copy() function when processing DNS responses. A remote attacker can trigger an off-by-one error, write a dot character (‘.’, 0x2E) out of bounds in a heap allocated buffer and execute arbitrary code on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E.


Remediation

Install update from vendor's website.

References