
Critical Vulnerability Fixed in Nginx Web Server Software

A vulnerability in the Nginx resolver allows an attacker to gain complete control over the attacked system.

Nginx has released a hotfix for a critical vulnerability in its DNS resolution implementation. The vulnerability (CVE-2021-23017) in the Nginx resolver allows an attacker to gain complete control over the attacked system, and a publicly available exploit already exists for it.

The problem stems from an off-by-one error in the ngx_resolver_copy() function, which processes DNS responses. A remote unauthenticated attacker could trigger the off-by-one error, write a period character ('.', 0x2E) outside the allocated memory area in the buffer, and execute code.

The vulnerability can be triggered by a DNS response to a DNS query from nginx when the resolver primitive is configured. A specially crafted packet allows an attacker to overwrite the least significant byte of the next heap block's metadata with 0x2E and execute code.

The issue affects NGINX Open Source, NGINX Plus and NGINX Ingress Controller. The fix is included in the following software versions: NGINX Open Source 1.20.1 (stable version), NGINX Open Source 1.21.0 (main branch), NGINX Plus R23 P1 and NGINX Plus R24 P1. Corrected versions of NGINX Open Source and NGINX Plus are included in the following versions of NGINX Ingress Controller: NGINX Ingress Controller 1.11.2 - NGINX Plus R23 P1, NGINX Ingress Controller 1.11.3 - NGINX Open Source 1.21.0 and NGINX Plus R23 P1.
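A first-pass exposure check for NGINX Open Source hosts, written for this page as an added example (it is not code from the article or from the nginx project). It compares the version reported by `nginx -v` with the fixed releases listed above and looks for a configured `resolver`, the condition under which nginx processes DNS responses. The status names and sample inputs are constructed; it assumes the version string is accurate, which does not hold for distribution packages that backport fixes, and it does not cover NGINX Plus or Ingress Controller builds.

```python
import re

# Fixed NGINX Open Source releases named in the article: 1.20.1 and 1.21.0.
# Every release numbered 1.20.1 or higher therefore carries the fix.
FIRST_FIXED = (1, 20, 1)

def parse_version(banner):
    """Extract (major, minor, patch) from `nginx -v` output (sent to stderr)."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        raise ValueError("no nginx version in: %r" % banner)
    return tuple(int(p) for p in m.groups())

def resolver_servers(config_text):
    """Return the name servers of every `resolver` directive in a config."""
    # Naive comment stripping: assumes '#' never appears in a quoted value.
    text = re.sub(r"#[^\n]*", "", config_text)
    servers = []
    # Match the directive only at a statement boundary, so that
    # `resolver_timeout` and similar directive names are not counted.
    for m in re.finditer(r"(?:^|(?<=[;{}]))\s*resolver\s+([^;]+);", text):
        # Drop parameters such as valid=30s or ipv6=off; keep the addresses.
        servers += [a for a in m.group(1).split() if "=" not in a]
    return servers

def assess(banner, config_text):
    """Classify a host; the status names are hypothetical labels."""
    version = parse_version(banner)
    servers = resolver_servers(config_text)
    if version >= FIRST_FIXED:
        status = "fixed"
    elif servers:
        status = "exposed"              # unfixed build with a resolver set
    else:
        status = "unfixed-no-resolver"  # still update; resolver not in use
    return {"version": version, "resolvers": servers, "status": status}

# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "nginx version: nginx/1.18.0"
SAMPLE_CONF = """
http {
    # resolver 192.0.2.1;   (commented out, must be ignored)
    resolver 192.0.2.53 valid=30s;
    resolver_timeout 5s;
    server { listen 80; }
}
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONF))
```

On a real host, pass the text of `nginx -v` and the full configuration as dumped by `nginx -T`, so that included files are covered.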

Nginx also patches an encryption vulnerability in the NGINX Controller NAAS API (CVE-2021-23020), an NGINX Controller credential disclosure vulnerability (CVE-2021-23019), and an information disclosure vulnerability (CVE-2021-23021).
