[Secure-testing-team] Bug#812806: nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747
Christos Trochalakis
yatiohi at ideopolis.gr
Tue Jan 26 17:58:03 UTC 2016
Source: nginx
Severity: important
Tags: security upstream
Several problems in nginx resolver were identified, which might
allow an attacker to cause worker process crash, or might have
potential other impact:
- Invalid pointer dereference might occur during DNS server response
processing, allowing an attacker who is able to forge UDP
packets from the DNS server to cause worker process crash
(CVE-2016-0742).
- Use-after-free condition might occur during CNAME response
processing. This problem allows an attacker who is able to trigger
name resolution to cause worker process crash, or might
have potential other impact (CVE-2016-0746).
- CNAME resolution was insufficiently limited, allowing an attacker who
is able to trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).
The problems affect nginx 0.6.18 - 1.9.9 if the "resolver" directive
is used in a configuration file.
The problems are fixed in nginx 1.9.10, 1.8.1.
http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
More information about the Secure-testing-team
mailing list