
Bug 468870 (CVE-2013-2028)

Summary: <www-servers/nginx-1.4.1-r2: stack-based buffer overflow (CVE-2013-{2028,2070})
Product: Gentoo Security
Component: Vulnerabilities
Status: RESOLVED FIXED
Severity: major
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Reporter: Johan Bergström <bugs>
Assignee: Gentoo Security <security>
CC: bugzie, dev-zero, jwbraun, mrueg, robink, stampit, tobbez
URL: http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---

Description Johan Bergström 2013-05-07 13:22:28 UTC
Greg MacManus, of iSIGHT Partners Labs, found a security problem
in several recent versions of nginx.  A stack-based buffer
overflow might occur in a worker process while handling a
specially crafted request, potentially resulting in arbitrary code
execution (CVE-2013-2028).

The problem affects nginx 1.3.9 - 1.4.0.

The problem is fixed in nginx 1.5.0, 1.4.1.

Reference site: http://nginx.org/en/security_advisories.html
CVE url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2028


Maintainers: I have tested renaming nginx-1.4.0-r1 to nginx-1.4.1 which worked well in my setup.
Comment 1 Benedikt Böhm (RETIRED) gentoo-dev 2013-05-08 06:27:24 UTC
*** Bug 468962 has been marked as a duplicate of this bug. ***
Comment 2 Tiziano Müller (RETIRED) gentoo-dev 2013-05-08 07:09:42 UTC
1.4.1 is now in the tree
Comment 3 Agostino Sarubbo gentoo-dev 2013-05-08 08:27:28 UTC
(In reply to comment #2)
> 1.4.1 is now in the tree

I'd like to wait before closing the bug because of this:
http://www.openwall.com/lists/oss-security/2013/05/07/4
Comment 4 Agostino Sarubbo gentoo-dev 2013-05-13 18:21:48 UTC
Arches, please test and mark stable:
=www-servers/nginx-1.4.1-r2
Target keywords : "amd64 x86"
Comment 5 Agostino Sarubbo gentoo-dev 2013-05-13 19:52:27 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-05-13 19:52:41 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-05-13 20:18:49 UTC
Old removed, security please go ahead with the glsa
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2013-08-31 18:45:33 UTC
CVE-2013-2070 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070):
  http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0
  through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows
  remote attackers to cause a denial of service (crash) and obtain sensitive
  information from worker process memory via a crafted proxy response, a
  similar vulnerability to CVE-2013-2028.

CVE-2013-2028 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028):
  The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9
  through 1.4.0 allows remote attackers to cause a denial of service (crash)
  and execute arbitrary code via a chunked Transfer-Encoding request with a
  large chunk size, which triggers an integer signedness error and a
  stack-based buffer overflow.
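
The bug class named in the CVE-2013-2028 text above (a large chunk size turning into a signedness error), shown as an added C illustration with a checked parser and length clamp beside the flawed pattern. This is not nginx source and not part of the bug report; the function names and the 4096-byte buffer size are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Parse a hex chunk-size field into a signed 64-bit length (hypothetical helper).
 * Returns 0 on success, -1 if the field is malformed or too large for int64_t. */
int parse_chunk_size(const char *s, int64_t *out)
{
    uint64_t v = 0;
    size_t n = 0;
    for (; s[n] != '\0' && s[n] != '\r' && s[n] != ';'; n++) {
        char c = s[n];
        unsigned d;
        if (c >= '0' && c <= '9')      d = (unsigned)(c - '0');
        else if (c >= 'a' && c <= 'f') d = (unsigned)(c - 'a') + 10;
        else if (c >= 'A' && c <= 'F') d = (unsigned)(c - 'A') + 10;
        else return -1;
        /* Refuse the digit if the shift would push the value past INT64_MAX. */
        if (v > ((uint64_t)INT64_MAX >> 4)) return -1;
        v = (v << 4) | d;
    }
    if (n == 0) return -1;          /* empty size field */
    *out = (int64_t)v;
    return 0;
}

/* Flawed pattern: signed minimum, then conversion to an unsigned length. */
size_t copy_len_unsafe(int64_t remaining, size_t buf_size)
{
    int64_t n = remaining < (int64_t)buf_size ? remaining : (int64_t)buf_size;
    return (size_t)n;               /* a negative value becomes enormous */
}

/* Checked form: a negative length is an error; result never exceeds buf_size. */
int copy_len_checked(int64_t remaining, size_t buf_size, size_t *out)
{
    if (remaining < 0) return -1;
    *out = (uint64_t)remaining < buf_size ? (size_t)remaining : buf_size;
    return 0;
}

int main(void)
{
    int64_t len; size_t n;
    printf("parse ffffffffffffffff -> %d\n", parse_chunk_size("ffffffffffffffff\r\n", &len));
    printf("unsafe(-1, 4096) = %zu\n", copy_len_unsafe(-1, 4096));
    printf("checked(-1, 4096) -> %d\n", copy_len_checked(-1, 4096, &n));
    return 0;
}
```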
Comment 9 Sean Amoss (RETIRED) gentoo-dev Security 2013-09-30 22:53:25 UTC
GLSA request filed.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2013-10-06 22:11:56 UTC
This issue was resolved and addressed in
 GLSA 201310-04 at http://security.gentoo.org/glsa/glsa-201310-04.xml
by GLSA coordinator Sean Amoss (ackle).