Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 468870 (CVE-2013-2028) - <www-servers/nginx-1.4.1-r2: stack-based buffer overflow (CVE-2013-{2028,2070})
Summary: <www-servers/nginx-1.4.1-r2: stack-based buffer overflow (CVE-2013-{2028,2070})
Status: RESOLVED FIXED
Alias: CVE-2013-2028
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major with 2 votes (vote)
Assignee: Gentoo Security
URL: http://mailman.nginx.org/pipermail/ng...
Whiteboard: B1 [glsa]
Keywords:
: 468962 (view as bug list)
Depends on:
Blocks:
 
Reported: 2013-05-07 13:22 UTC by Johan Bergström
Modified: 2016-08-11 11:13 UTC (History)
7 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johan Bergström 2013-05-07 13:22:28 UTC
Greg MacManus, of iSIGHT Partners Labs, found a security problem
in several recent versions of nginx.  A stack-based buffer
overflow might occur in a worker process while handling a
specially crafted request, potentially resulting in arbitrary code
execution (CVE-2013-2028).

The problem affects nginx 1.3.9 - 1.4.0.

The problem is fixed in nginx 1.5.0, 1.4.1.

Reference site: http://nginx.org/en/security_advisories.html
CVE url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2028


Maintainers: I have tested renaming nginx-1.4.0-r1 to nginx-1.4.1 which worked well in my setup.
Comment 1 Benedikt Böhm (RETIRED) gentoo-dev 2013-05-08 06:27:24 UTC
*** Bug 468962 has been marked as a duplicate of this bug. ***
Comment 2 Tiziano Müller gentoo-dev 2013-05-08 07:09:42 UTC
1.4.1 is now in the tree
Comment 3 Agostino Sarubbo gentoo-dev 2013-05-08 08:27:28 UTC
(In reply to comment #2)
> 1.4.1 is now in the tree

I'd like to wait before close the bug because of this: 
http://www.openwall.com/lists/oss-security/2013/05/07/4
Comment 4 Agostino Sarubbo gentoo-dev 2013-05-13 18:21:48 UTC
Arches, please test and mark stable:
=www-servers/nginx-1.4.1-r2
Target keywords : "amd64 x86"
Comment 5 Agostino Sarubbo gentoo-dev 2013-05-13 19:52:27 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2013-05-13 19:52:41 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2013-05-13 20:18:49 UTC
Old removed, security please go ahead with the glsa
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2013-08-31 18:45:33 UTC
CVE-2013-2070 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2070):
  http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0
  through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows
  remote attackers to cause a denial of service (crash) and obtain sensitive
  information from worker process memory via a crafted proxy response, a
  similar vulnerability to CVE-2013-2028.

CVE-2013-2028 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2028):
  The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9
  through 1.4.0 allows remote attackers to cause a denial of service (crash)
  and execute arbitrary code via a chunked Transfer-Encoding request with a
  large chunk size, which triggers an integer signedness error and a
  stack-based buffer overflow.
Comment 9 Sean Amoss gentoo-dev Security 2013-09-30 22:53:25 UTC
GLSA request filed.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2013-10-06 22:11:56 UTC
This issue was resolved and addressed in
 GLSA 201310-04 at http://security.gentoo.org/glsa/glsa-201310-04.xml
by GLSA coordinator Sean Amoss (ackle).