nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)

Maxim Dounin mdounin at mdounin.ru
Tue Jan 26 16:32:12 UTC 2016


Hello!

Several problems in the nginx resolver were identified, which might
allow an attacker to cause a worker process crash, or might have
potential other impact:

- An invalid pointer dereference might occur during DNS server response
  processing, allowing an attacker who is able to forge UDP
  packets from the DNS server to cause a worker process crash
  (CVE-2016-0742).

- A use-after-free condition might occur during CNAME response
  processing.  This problem allows an attacker who is able to trigger
  name resolution to cause a worker process crash, or might
  have potential other impact (CVE-2016-0746).

- CNAME resolution was insufficiently limited, allowing an attacker who
  is able to trigger arbitrary name resolution to cause excessive resource
  consumption in worker processes (CVE-2016-0747).

The problems affect nginx 0.6.18 - 1.9.9 if the "resolver" directive
is used in a configuration file.

The problems are fixed in nginx 1.9.10, 1.8.1.


-- 
Maxim Dounin
http://nginx.org/
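
A triage check for the exposure condition stated in the advisory (version in 0.6.18 - 1.9.9, excluding 1.8.1, and a "resolver" directive present). This is an added example, not part of the original message or of nginx; the function names and the sample configuration are assumptions, and the caller supplies the `nginx -v` banner and the configuration text.

```python
import re

# Version bounds as stated in the advisory.
FIRST_AFFECTED = (0, 6, 18)
LAST_AFFECTED = (1, 9, 9)
FIXED_STABLE = (1, 8, 1)  # fix released on the 1.8.x branch

def parse_version(banner):
    """Pull (major, minor, patch) out of `nginx -v` output."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no nginx version in %r" % banner)
    return tuple(int(part) for part in m.groups())

def version_affected(v):
    if not FIRST_AFFECTED <= v <= LAST_AFFECTED:
        return False
    # 1.8.1 sorts below 1.9.9 but is fixed; assume later 1.8.x keep the fix.
    return not (v[:2] == FIXED_STABLE[:2] and v >= FIXED_STABLE)

def find_resolvers(config_text):
    """Return the arguments of every active `resolver` directive."""
    # Simplification: treats every '#' as a comment start, even inside quotes.
    text = re.sub(r"#[^\n]*", "", config_text)
    hits = re.findall(r"(?:^|[;{}])\s*resolver\s+([^;{}]+);", text, re.M)
    # `resolver off;` (mail module) disables resolving, so it does not count.
    return [h.strip() for h in hits if h.strip() != "off"]

def exposed(banner, config_text):
    """True when the version is in range and a resolver is configured."""
    return version_affected(parse_version(banner)) and bool(find_resolvers(config_text))

# Constructed sample configuration (192.0.2.53 is a documentation address).
SAMPLE_CONFIG = """
# resolver 198.51.100.1;   (commented out, must be ignored)
http {
    resolver_timeout 5s;
    server {
        resolver 192.0.2.53 valid=30s;
        location / { proxy_pass http://$host; }
    }
}
"""

if __name__ == "__main__":
    for banner in ("nginx version: nginx/1.8.0", "nginx version: nginx/1.9.10"):
        print(banner, "->", "exposed" if exposed(banner, SAMPLE_CONFIG) else "not exposed")
```

Distribution packages may backport fixes without changing the reported version, so a positive result from the banner should be confirmed against the vendor's changelog.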


