Описание
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Software Collections | nginx16-nginx | Will not fix | ||
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS2
Связанные уязвимости
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not pr ...
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
4.3 Medium
CVSS2