Bug 10819

Summary: Multiple vulnerabilities in nginx (CVE-2013-2028, CVE-2013-2070)
Product: Mageia Reporter: Oden Eriksson <oe>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: luigiwalser
Version: 3   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: nginx CVE:
Status comment:

Description Oden Eriksson 2013-07-23 07:33:41 CEST 
======================================================
Name: CVE-2013-2028
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2028
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[nginx-announce] 20130507 nginx security advisory (CVE-2013-2028)
Reference: URL:http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html
Reference: MISC:http://nginx.org/download/patch.2013.chunked.txt
Reference: MISC:http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html
Reference: MISC:http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/
Reference: MISC:https://github.com/rapid7/metasploit-framework/pull/1834
Reference: OSVDB:93037
Reference: URL:http://www.osvdb.org/93037

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx
1.3.9 through 1.4.0 allows remote attackers to cause a denial of
service (crash) and execute arbitrary code via a chunked
Transfer-Encoding request with a large chunk size, which triggers an
integer signedness error and a stack-based buffer overflow.



======================================================
Name: CVE-2013-2070
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130219
Category: 
Reference: MLIST:[nginx-announce] 20130513 nginx security advisory (CVE-2013-2070)
Reference: URL:http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html
Reference: MLIST:[oss-security] 20130507 Re: nginx security advisory (CVE-2013-2028)
Reference: URL:http://seclists.org/oss-sec/2013/q2/291
Reference: MLIST:[oss-security] 20130513 nginx security advisory (CVE-2013-2070)
Reference: URL:http://www.openwall.com/lists/oss-security/2013/05/13/3
Reference: MISC:http://nginx.org/download/patch.2013.proxy.txt
Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=962525
Reference: BID:59824
Reference: URL:http://www.securityfocus.com/bid/59824
Reference: XF:nginx-cve20132070-dos(84172)
Reference: URL:http://xforce.iss.net/xforce/xfdb/84172

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and
1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP
servers, allows remote attackers to cause a denial of service (crash)
and obtain sensitive information from worker process memory via a
crafted proxy response, a similar vulnerability to CVE-2013-2028.


Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2013-07-23 15:04:44 CEST 
CVE-2013-2070 already fixed in Bug 10085.

CVE-2013-2028 does not affect Mageia (we have version 1.2.9).

*** This bug has been marked as a duplicate of bug 10085 ***

Status: NEW => RESOLVED
CC: (none) => luigiwalser
Resolution: (none) => DUPLICATE