nginx 1.5.10 SPDY Memory Corruption

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by a memory corruption
vulnerability.

Description :

According to the self-reported version in the server response header,
the installed nginx version is 1.5.10. It is, therefore, affected by a
memory corruption vulnerability.

A flaw exists in the SPDY module implementation, where worker
process memory could be corrupted via a specially crafted request.
This could allow a remote attacker to execute arbitrary code.

Note that Nessus has not tested for this issue or otherwise determined
if a patch is applied but has instead relied only on the
application's self-reported version number.

See also :

http://nginx.org/en/security_advisories.html
http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html
http://nginx.org/download/patch.2014.spdy.txt
http://nginx.org/en/CHANGES

Solution :

Apply the patch manually or upgrade to nginx 1.5.11 or later.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.4
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 73894

Bugtraq ID: 67507

CVE ID: CVE-2014-0088