exploit the possibilities
Showing 1 - 12 of 12 RSS Feed

CVE-2021-23017

Status Candidate

Overview

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

Related Files

Red Hat Security Advisory 2021-4618-01
Posted Nov 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4618-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include buffer overflow, denial of service, information leakage, integer overflow, out of bounds read, and path sanitization vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-36385, CVE-2021-0512, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22946, CVE-2021-22947, CVE-2021-23017, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32672, CVE-2021-32675, CVE-2021-32687, CVE-2021-32690, CVE-2021-32803, CVE-2021-32804, CVE-2021-33623, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938, CVE-2021-36222, CVE-2021-3656, CVE-2021-3711, CVE-2021-3712, CVE-2021-3733
MD5 | 622019ce8af50b9e6b49c8f96cfcb87d
Red Hat Security Advisory 2021-3925-01
Posted Oct 20, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3925-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and provide security updates. Issues addressed include denial of service, information leakage, integer overflow, and out of bounds read vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2016-4658, CVE-2020-25648, CVE-2021-21670, CVE-2021-21671, CVE-2021-22543, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-23017, CVE-2021-23840, CVE-2021-23841, CVE-2021-25741, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32672, CVE-2021-32675, CVE-2021-32687, CVE-2021-32690, CVE-2021-36222, CVE-2021-3653, CVE-2021-3656, CVE-2021-37576, CVE-2021-37750, CVE-2021-41099
MD5 | c88f32f1bc609ae5ac195ed8215b8993
Red Hat Security Advisory 2021-3873-01
Posted Oct 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3873-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide bug fixes and security fixes. Issues addressed include bypass, denial of service, integer overflow, and out of bounds read vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-23017, CVE-2021-23434, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32672, CVE-2021-32675, CVE-2021-32687, CVE-2021-36222, CVE-2021-3653, CVE-2021-37750, CVE-2021-41099
MD5 | a0131edc9c09e60e7cb093a0a809dc54
Red Hat Security Advisory 2021-3653-01
Posted Sep 24, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3653-01 - Red Hat Advanced Cluster Management 2.1.11 security fix and container updates are available.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-27777, CVE-2021-22555, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-23017, CVE-2021-29154, CVE-2021-29650, CVE-2021-31535, CVE-2021-32399, CVE-2021-36222, CVE-2021-3653, CVE-2021-37750
MD5 | ef43f11cebe0cd0e7f13da5997e4271e
Red Hat Security Advisory 2021-2290-01
Posted Jun 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2290-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-23017
MD5 | 26016b477f5da28d5da72cb174382244
Red Hat Security Advisory 2021-2278-01
Posted Jun 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2278-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-23017
MD5 | 2c2f10d284d4920cd331e487e4186596
Red Hat Security Advisory 2021-2259-01
Posted Jun 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2259-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-23017
MD5 | c022d6a685c4da17a916f5ea74df4c4f
Red Hat Security Advisory 2021-2258-01
Posted Jun 7, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2258-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-23017
MD5 | 5f82b38331d93b1a18c80aa73a2c54f0
Ubuntu Security Notice USN-4967-2
Posted May 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4967-2 - USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23017
MD5 | 80cc8e13b352e34dd9a56edc56696000
Gentoo Linux Security Advisory 202105-38
Posted May 27, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-38 - A vulnerability in nginx could lead to remote code execution. Versions less than 1.21.0 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
advisories | CVE-2021-23017
MD5 | 1d166f7e28c58ba00613c75ab288fa9d
nginx 1.20.0 DNS Resolver Off-By-One Heap Write
Posted May 26, 2021
Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character ('.', 0x2E) out of bounds in a heap allocated buffer. The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E. A network attacker capable of providing DNS responses to a nginx server can achieve Denial-of-Service and likely remote code execution. Due to the lack of DNS spoofing mitigations in nginx and the fact that the vulnerable function is called before checking the DNS Transaction ID, remote attackers might be able to exploit this vulnerability by flooding the victim server with poisoned DNS responses in a feasible amount of time.

tags | exploit, remote, spoof, code execution
advisories | CVE-2021-23017
MD5 | cc733efc4bba424a92fb952d1eefd927
Ubuntu Security Notice USN-4967-1
Posted May 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4967-1 - Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23017
MD5 | b350ad62ada4bdd5b64bf7a6677cd315
Page 1 of 1
Back1Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    23 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close