Tuesday, 12 April 2022

Nginx ldap-auth Remote Code Execution Vulnerability

Release Date: 12 Apr 2022

RISK: Medium Risk

TYPE: Servers - Web Servers

A vulnerability was identified in Nginx ldap-auth. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.


Impact

  • Remote Code Execution

System / Technologies affected

  • Nginx with ldap-auth daemon
  • Nginx Plus with ldap-auth daemon

Note: Deployments of the LDAP reference implementation are affected by the vulnerability if any of the following conditions apply:

  1. Command-line parameters are used to configure the Python daemon
  2. There are unused, optional configuration parameters
  3. LDAP authentication depends on specific group membership
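
One way to check a deployment against conditions 1 and 2, as an added example (not from the advisory or the nginx project): the reference daemon reads its settings from request headers on the auth subrequest, so the script lists the headers that the `location = /auth-proxy` block neither sets with `proxy_set_header` nor blocks with `proxy_pass_request_headers off`. The header names and the location name are taken from the public reference implementation and are assumptions here; the sample config is constructed.

```python
import re

# Headers the public nginx-ldap-auth reference daemon reads settings from
# (names come from that project, not from this advisory).
DAEMON_HEADERS = [
    "X-Ldap-URL", "X-Ldap-Starttls", "X-Ldap-DisableReferrals",
    "X-Ldap-BaseDN", "X-Ldap-BindDN", "X-Ldap-BindPass",
    "X-Ldap-Template", "X-Ldap-Realm", "X-CookieName",
]

# Constructed sample config; host names and values are placeholders.
SAMPLE = """
location = /auth-proxy {
    internal;
    proxy_pass http://127.0.0.1:8888;
    proxy_set_header X-Ldap-URL      "ldap://ldap.example.internal";
    proxy_set_header X-Ldap-BaseDN   "dc=example,dc=internal";
    proxy_set_header X-Ldap-BindDN   "cn=svc,dc=example,dc=internal";
    proxy_set_header X-Ldap-BindPass "placeholder";
    # proxy_set_header X-Ldap-Template "(cn=%(username)s)";
}
"""

def location_body(conf, path="/auth-proxy"):
    """Return the text inside `location = <path> { ... }`, or None."""
    conf = re.sub(r"#[^\n]*", "", conf)  # naive: assumes no '#' in values
    m = re.search(r"location\s*=\s*" + re.escape(path) + r"\s*\{", conf)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(conf) and depth:  # walk to the matching closing brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def unpinned_headers(conf, path="/auth-proxy"):
    """Daemon headers a client-supplied value could still reach."""
    body = location_body(conf, path)
    if body is None:
        raise ValueError("no 'location = %s' block found" % path)
    if re.search(r"\bproxy_pass_request_headers\s+off\s*;", body):
        return []  # nginx forwards no client request headers at all
    pinned = {h.lower() for h in
              re.findall(r"\bproxy_set_header\s+([\w-]+)\s", body)}
    return [h for h in DAEMON_HEADERS if h.lower() not in pinned]

if __name__ == "__main__":
    print("not set explicitly:", unpinned_headers(SAMPLE))
```

The check looks only inside the location block, so headers set at server or http level are reported as unset.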

Solutions

Nginx has suggested mitigation options to protect customers.
https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/


Vulnerability Identifier

Note: No CVE information is available for this vulnerability

