NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.

According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file     with a modification date in 1969 that causes an integer overflow (or a false modification date far in the     future), when encountered by the autoindex module. (CVE-2017-20005)

  - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing     different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A     MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one     subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-     protocol attacks may be possible where the behavior of one protocol service may compromise the other at     the application layer. (CVE-2021-3618)

  - A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP     packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or     potential other impact. (CVE-2021-23017)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5109-1 advisory.

    It was discovered that nginx incorrectly handled files with certain modification dates. A remote attacker     could possibly use this issue to cause a denial of service or other unspecified impact.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the nginx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file     with a modification date in 1969 that causes an integer overflow (or a false modification date far in the     future), when encountered by the autoindex module. (CVE-2017-20005)

  - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing     different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A     MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one     subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-     protocol attacks may be possible where the behavior of one protocol service may compromise the other at     the application layer. (CVE-2021-3618)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the nginx package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A security issue in nginx resolver was identified,     which might allow an attacker who is able to forge UDP     packets from the DNS server to cause 1-byte memory     overwrite, resulting in worker process crash or     potential other impact.(CVE-2021-23017)

  - NGINX before 1.13.6 has a buffer overflow for years     that exceed four digits, as demonstrated by a file with     a modification date in 1969 that causes an integer     overflow (or a false modification date far in the     future), when encountered by the autoindex     module.(CVE-2017-20005)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Jamie Landeg-Jones and Manfred Paul discovered a buffer overflow vulnerability in NGINX, a small, powerful, scalable web/proxy server.

NGINX has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.

For Debian 9 stretch, this problem has been fixed in version 1.10.3-1+deb9u7.

We recommend that you upgrade your nginx packages.

For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
154391	EulerOS 2.0 SP3 : nginx (EulerOS-SA-2021-2599)	Nessus	Huawei Local Security Checks	critical
154203	Ubuntu 16.04 ESM : nginx vulnerability (USN-5109-1)	Nessus	Ubuntu Local Security Checks	critical
153608	EulerOS 2.0 SP8 : nginx (EulerOS-SA-2021-2476)	Nessus	Huawei Local Security Checks	critical
153261	EulerOS 2.0 SP2 : nginx (EulerOS-SA-2021-2412)	Nessus	Huawei Local Security Checks	critical
150336	Debian DLA-2680-1 : nginx security update	Nessus	Debian Local Security Checks	critical

Detections

Analytics

CVE-2017-20005

critical

Tenable Plugins

critical

critical

critical

critical

critical