| Secunia ID | SA48827 |
| CVE-ID | |
| Release Date | 13 Apr 2012 |
| Criticality | |
| Solution Status | Vendor Patch |
| Software | nginx 1.0.x |
| Where | |
| Impact | System access. This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description | A vulnerability has been reported in nginx, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an error in ngx_http_mp4_module when parsing certain atoms and can be exploited to cause a buffer overflow via a specially crafted MP4 file placed on the server. Successful exploitation may allow execution of arbitrary code, but requires that ngx_http_mp4_module is enabled and the "mp4" directive is configured. The vulnerability is reported in versions 1.1.3 through 1.1.18 and 1.0.7 through 1.0.14. |
| Solution | Update to version 1.1.19 or 1.0.15. |
| Reported by | The vendor credits Matthew Daley. |
| Original Advisory |
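
The exposure conditions in the Description (affected version, ngx_http_mp4_module built in, "mp4" directive configured) can be checked together. The following is an added example, not part of the advisory or of nginx: it assumes the text of `nginx -V 2>&1` and of the configuration file are passed in as strings, and the function names and sample inputs are constructed for illustration.

```python
import re

# Affected ranges exactly as the advisory states them (inclusive).
AFFECTED = [((1, 1, 3), (1, 1, 18)), ((1, 0, 7), (1, 0, 14))]

def parse_nginx_v(output):
    """Return (version tuple, mp4 module built in?) from `nginx -V` text.
    Note that nginx writes this to stderr: capture it with `nginx -V 2>&1`."""
    m = re.search(r"nginx version: nginx/(\d+)\.(\d+)\.(\d+)", output)
    if not m:
        raise ValueError("no 'nginx version:' line found")
    return tuple(map(int, m.groups())), "--with-http_mp4_module" in output

def version_affected(version):
    return any(lo <= version <= hi for lo, hi in AFFECTED)

def mp4_directive_lines(config_text):
    """Line numbers carrying an active `mp4;` directive. Simplification:
    everything after '#' is treated as a comment; includes are not followed."""
    hits = []
    for n, line in enumerate(config_text.splitlines(), 1):
        code = line.split("#", 1)[0]
        # Match the bare directive, not mp4_buffer_size or a '\.mp4$' regex.
        if re.search(r"(?:^|[;{}\s])mp4\s*;", code):
            hits.append(n)
    return hits

def assess(nginx_v_output, config_text):
    version, module_built = parse_nginx_v(nginx_v_output)
    lines = mp4_directive_lines(config_text)
    affected = version_affected(version)
    # All three conditions from the advisory must hold for exposure.
    return {"version": version, "affected_version": affected,
            "module_built": module_built, "mp4_lines": lines,
            "exposed": affected and module_built and bool(lines)}

# Constructed sample input, not taken from a real host.
SAMPLE_V = ("nginx version: nginx/1.0.14\n"
            "configure arguments: --with-http_ssl_module --with-http_mp4_module\n")
SAMPLE_CONF = """http {
    server {
        location /video/ {
            mp4;
            mp4_buffer_size 512k;
        }
        # location /old/ { mp4; }
    }
}
"""
```

A host reported as exposed should be updated to 1.1.19 or 1.0.15 as the Solution states; the `mp4_lines` values show where the directive is active in the meantime.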