Bugtraq ID: 36384
CVE ID: CVE-2009-2629

nginx is a high-performance HTTP and reverse proxy server.

nginx has a buffer overflow when processing specially crafted URIs. A remote attacker can exploit the vulnerability to execute arbitrary code in the context of the application.

When processing specially crafted URIs, the ngx_http_parse_complex_uri() function has a buffer underflow error. This can cause the nginx server to write data from the URI into heap memory before the allocated buffer, which can lead to arbitrary code execution with the privileges of the server process.

Igor Sysoev nginx 0.8.14
Igor Sysoev nginx 0.7.61
Igor Sysoev nginx 0.6.38
Igor Sysoev nginx 0.5.37

Vendor solution

Debian Linux users can upgrade to the following versions:

Debian Linux 4.0 ia-32
Debian nginx_0.4.13-2+etch2_i386.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb

Debian Linux 5.0 hppa
Debian nginx_0.6.32-3+lenny2_hppa.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb

Debian Linux 5.0 ia-64
Debian nginx_0.6.32-3+lenny2_ia64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb

Debian Linux 4.0 hppa
Debian nginx_0.4.13-2+etch2_hppa.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb

Debian Linux 4.0 sparc
Debian nginx_0.4.13-2+etch2_sparc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb

Debian Linux 4.0 s/390
Debian nginx_0.4.13-2+etch2_s390.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb

Debian Linux 5.0 arm
Debian nginx_0.6.32-3+lenny2_arm.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb

Debian Linux 4.0 powerpc
Debian nginx_0.4.13-2+etch2_powerpc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb

Debian Linux 4.0 mipsel
Debian nginx_0.4.13-2+etch2_mipsel.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb

Debian Linux 5.0 alpha
Debian nginx_0.6.32-3+lenny2_alpha.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb

Debian Linux 5.0 amd64
Debian nginx_0.6.32-3+lenny2_amd64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb

Debian Linux 5.0 ia-32
Debian nginx_0.6.32-3+lenny2_i386.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb

Debian Linux 5.0 mips
Debian nginx_0.6.32-3+lenny2_mips.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb

Debian Linux 5.0 mipsel
Debian nginx_0.6.32-3+lenny2_mipsel.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb

Debian Linux 5.0 powerpc
Debian nginx_0.6.32-3+lenny2_powerpc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb

Debian Linux 4.0 ia-64
Debian nginx_0.4.13-2+etch2_ia64.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb

Debian Linux 4.0 mips
Debian nginx_0.4.13-2+etch2_mips.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb

Debian Linux 5.0 sparc
Debian nginx_0.6.32-3+lenny2_sparc.deb
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb
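
The buffer underflow class described in the advisory, shown as an added C example (not nginx code and not part of the advisory): a URI normalizer whose write cursor steps backward must be bounded at the start of its buffer. The function name `normalize_uri` and the choice of ".." segments as the backward step are illustrative assumptions; the advisory says only that specially crafted URIs cause the underflow.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not nginx code: copy `uri` into out[0..cap) while
 * dropping empty and "." segments and resolving ".." segments.
 * Returns the normalized length, or -1 if the URI is rejected. */
int normalize_uri(const char *uri, char *out, size_t cap)
{
    const char *p = uri;
    char *u = out;              /* write cursor, must stay inside out[] */

    if (cap < 2 || *p != '/')
        return -1;

    while (*p) {                /* invariant: *p == '/' */
        const char *seg = p + 1;
        size_t n = strcspn(seg, "/");

        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            /* Check the bound BEFORE moving the cursor back. Without it,
             * the scan below runs past the start of out[] and later
             * writes land in the memory that precedes the buffer. */
            if (u == out)
                return -1;
            do { u--; } while (*u != '/');
        } else if (n > 0 && !(n == 1 && seg[0] == '.')) {
            if ((size_t)(u - out) + 1 + n >= cap)
                return -1;      /* keep one byte for the terminator */
            *u++ = '/';
            memcpy(u, seg, n);
            u += n;
        }
        p = seg + n;
    }
    if (u == out)
        *u++ = '/';             /* everything collapsed to the root */
    *u = '\0';
    return (int)(u - out);
}

int main(void)
{
    char buf[32];
    /* constructed sample inputs */
    printf("%d\n", normalize_uri("/a/b/../c", buf, sizeof buf));
    printf("%d\n", normalize_uri("/a/../../x", buf, sizeof buf));
    return 0;
}
```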