Russian Vulnerability Scanner Database

Back to List

BDU:2021-02749

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

7.7high3.x
0246810

CVSS Score: 7.7/10

All CVSS Scores

CVSS 3.x
7.7

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

CVSS 2.0
7.3

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:P

Description

Уязвимость функции ngx_resolver_copy() сервера nginx связана с ошибкой единичного смещения в результате записи символа точки (‘.’, 0x2E) за пределы буфера кучи. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код или вызвать отказ в обслуживании путем отправки специально созданных UDP-пакетов

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

bdu

Related Vulnerabilities

CVE-2021-23017

Exploits

Exploit ID: 50973

Source: exploitdb

URL: https://www.exploit-db.com/exploits/50973

Exploit ID: CVE-2021-23017

Source: github-poc

URL: https://github.com/6lj/EVIL-CVE-2021-23017-Update-2025

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23017
http://nginx.org/en/security_advisories.html
https://redos.red-soft.ru/updatesec/
https://www.cybersecurity-help.cz/vdb/SB2021052543
https://www.opennet.ru/opennews/art.shtml?num=55208
https://access.redhat.com/security/cve/cve-2021-23017
https://ubuntu.com/security/notices/USN-4967-1
https://ubuntu.com/security/notices/USN-4967-2
https://security-tracker.debian.org/tracker/CVE-2021-23017
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://redos.red-soft.ru/support/secure/uyazvimosti/udalennoe-vypolnenie-koda-v-nginx-cve-2021-23017/
https://www.oracle.com/security-alerts/cpuoct2021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://altsp.su/obnovleniya-bezopasnosti/

Recommendations

Source: bdu

Использование рекомендаций:
Для nginx:
http://nginx.org/en/security_advisories.html

Для РЕД ОС:
http://repo.red-soft.ru/redos/7.2c/x86_64/updates/

Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2021-23017

Для Ubuntu:
https://ubuntu.com/security/notices/USN-4967-1
https://ubuntu.com/security/notices/USN-4967-2

Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2021-23017

Для ОСОН Основа:

Обновление программного обеспечения nginx до версии 1.14.2-2+deb10u4

Для ОС ОН «Стрелец»:

Обновление программного обеспечения nginx до версии 1.10.3-1+deb9u7

Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/

Для продуктов Oracle:
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html

Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

URL: https://bdu.fstec.ru/vul/2021-02749

Vulnerable Software (345)

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: ubuntu 14.04 ESM

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: strelets *

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: осон основа оnyx *

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: ubuntu 20.04 LTS

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: fedora 33

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: red hat enterprise linux 8

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: debian gnu/linux 10

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: ubuntu 16.04 ESM

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: altlinux 8

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: debian gnu/linux 9

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: ubuntu 18.04 LTS

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: redos 7.2

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: ubuntu 20.10

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: ubuntu 21.04

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: nginx inc.

Product: nginx

Operating System: fedora 34

Trait: 
{  "version_end_excluding": "1.20.1",  "version_start_including": "0.6.18"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: blockchain platform

Operating System: ubuntu 14.04 ESM

Trait: 
{  "version_end_excluding": "21.1.2"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: blockchain platform

Operating System: strelets *

Trait: 
{  "version_end_excluding": "21.1.2"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: blockchain platform

Operating System: осон основа оnyx *

Trait: 
{  "version_end_excluding": "21.1.2"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: blockchain platform

Operating System: ubuntu 20.04 LTS

Trait: 
{  "version_end_excluding": "21.1.2"}

Source: bdu

Type: Configuration

Vendor: oracle corp.

Product: blockchain platform

Operating System: fedora 33

Trait: 
{  "version_end_excluding": "21.1.2"}

Source: bdu