#VU76699 Integer overflow in nginx - CVE-2017-20005


Vulnerability identifier: #VU76699

Vulnerability risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-20005

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
nginx
Server applications / Web servers

Vendor: NGINX

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the ngx_gmtime() function when processing dates within the autoindex module. A remote attacker with the ability to pass a file to the server with a specially crafted timestamp with a year prior to 1970 and after the year 10000, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

nginx: 1.13.0 - 1.13.5


External links
https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b
https://trac.nginx.org/nginx/ticket/1368
https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf
https://nginx.org/en/CHANGES
https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html
https://security.netapp.com/advisory/ntap-20210805-0006/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability