[Secure-testing-team] Bug#868109: nginx: CVE-2017-7529 Integer overflow in the range filter
Christos Trochalakis
ctrochalakis at debian.org
Wed Jul 12 05:05:37 UTC 2017
Source: nginx
Severity: important
Tags: upstream security
A security issue was identified in nginx range filter. A specially
crafted request might result in an integer overflow and incorrect
processing of ranges, potentially resulting in sensitive information
leak (CVE-2017-7529).
When using nginx with standard modules this allows an attacker to
obtain a cache file header if a response was returned from cache.
In some configurations a cache file header may contain IP address
of the backend server or other sensitive information.
Besides, with 3rd party modules it is potentially possible that
the issue may lead to a denial of service or a disclosure of
a worker process memory. No such modules are currently known though.
The issue affects nginx 0.5.6 - 1.13.2.
The issue is fixed in nginx 1.13.3, 1.12.1.
For older versions, the following configuration can be used
as a temporary workaround:
max_ranges 1;
Patch for the issue can be found here:
http://nginx.org/download/patch.2017.ranges.txt
Announcement: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
More information about the Secure-testing-team
mailing list