Join the community today
Become a Member

Nginx [nginx-announce] nginx security advisory (CVE-2016-4450)

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Jun 1, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    12:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Hello!

    A problem was identified in nginx code responsible for saving
    client request body to a temporary file. A specially crafted request
    might result in worker process crash due to a NULL pointer dereference
    while writing client request body to a temporary file (CVE-2016-4450).

    The problem affects nginx 1.3.9 - 1.11.0.


    The problem is fixed in nginx 1.11.1, 1.10.1.

    Patch for nginx 1.9.13 - 1.11.0 can be found here:

    http://nginx.org/download/patch.2016.write.txt

    Patch for older nginx versions (1.3.9 - 1.9.12):

    http://nginx.org/download/patch.2016.write2.txt


    --
    Maxim Dounin
    http://nginx.org/

    _______________________________________________
    nginx-announce mailing list
    nginx-announce@nginx.org
    http://mailman.nginx.org/mailman/listinfo/nginx-announce

    Continue reading...
     
  2. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    12:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    security update time

    run centmin.sh menu option 4 and specify 1.11.1 to update yourself folks !

    Code (Text):
    ./centmin.sh 
    
    --------------------------------------------------------
         Centmin Mod Menu 123.09beta01 centminmod.com    
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2/5.5 & 10.x Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Reinstall ImagicK PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2...
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Install/Re-Install
    21). Update - Nginx + PHP-FPM + Siege
    22). Add Wordpress Nginx vhost + Cache Plugin
    23). Update Centmin Mod Code Base
    24). Exit
    --------------------------------------------------------
    Enter option [ 1 - 24 ] 4
    --------------------------------------------------------
    

    Code (Text):
    Do you want to run YUM install checks ?  [y/n]
    
    This will increase your upgrade duration time wise.
    Check the change log centminmod.com/changelog.html
    to see if any Nginx or PHP related new additions
    which require checking YUM prequisites are met.
    If no new additions made, you can skip the 
    YUM install check to speed up upgrade time.
    
     [y/n]: n
    **********************************************************************
    * Nginx Update script - Included in Centmin Extras
    * Version: 1.2.3-eva2000.09.001 - Date: 30/04/2016 - Copyright 2011-2016 CentminMod.com
    **********************************************************************
    
    This software comes with no warranty of any kind. You are free to use
    it for both personal and commercial use as licensed under the GPL.
    
    Nginx Upgrade - Would you like to continue? [y/n] y
    
    Install which version of Nginx? (version i.e. 1.11.1): 1.11.1
    


    I'd update to latest code base for 123.09beta01 if possible via centmin.sh menu option 3 submenu option 3 if on 123.08stable or submenu option 2 if on 123.09beta01 first before running centmin.sh menu option 4

    or via git pull on 123.09beta01 if you setup git environment
    Code (Text):
    cmdir
    git pull
    ./centmin.sh
    

    run menu option 4 and specify nginx 1.11.1

    example git pull in /usr/local/src/centminmod will pull updates to your centmin mod code on your server
    Code (Text):
    git pull
    remote: Counting objects: 4, done.
    remote: Compressing objects: 100% (1/1), done.
    remote: Total 4 (delta 3), reused 4 (delta 3), pack-reused 0
    Unpacking objects: 100% (4/4), done.
    From https://github.com/centminmod/centminmod
       118224a..a037290  123.09beta01 -> origin/123.09beta01
    Updating 118224a..a037290
    Fast-forward
    inc/cpcheck.inc | 4 ++--
    1 file changed, 2 insertions(+), 2 deletions(-)
    

    then run centmin.sh
     
    Last edited: Jun 1, 2016
  3. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    12:28 PM
    Interesting. Could this have something to do with my issue before? Where tmp folder was full when under attack.. idk

    nginx version: nginx/1.9.11
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    12:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    maybe.. update to 1.11.1 ASAP ! :)
     
  5. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    12:28 PM
    Updating now on both my nodes :) First one succeed.
     
  6. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    12:28 PM
    I accidently ctrl+c'd when updating the base, now i have no option to go to cmdir.. Or can't find centmin folder at all. What can I do?

    I git cloned it again but cmdir is still not working etc, do i need to run centmin option 1? D:
     
  7. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    12:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    manually update via

    Code (Text):
    cd /usr/local/src/centminmod
    git pull
    ./centmin.sh
    

    if /usr/local/src/centminmod is wiped during update, recreate it via below cmds which is the command line equivalent of centmin.sh menu option 23 submenu option 3 for switching to 123.09beta01 branch
    Code (Text):
    cd /usr/local/src
    rm -rf /usr/local/src/centminmod
    git clone https://github.com/centminmod/centminmod.git centminmod
    cd centminmod
    git checkout -f 123.09beta01
    ./centmin.sh
    
     
  8. trxerz

    trxerz Member

    69
    5
    8
    Jun 25, 2015
    Ratings:
    +7
    Local Time:
    3:28 AM
    Hi,
    When try to run centmin.sh via ssh, it always stuck on this, waiting for more than 5 minutes and nothing so I cancel it.
    [​IMG]
    Imgur: The most awesome images on the Internet

    Now when I run "git pull" command, I see this message:
    Code:
    git pull
    remote: Counting objects: 544, done.
    remote: Compressing objects: 100% (70/70), done.
    remote: Total 544 (delta 285), reused 249 (delta 249), pack-reused 223
    Receiving objects: 100% (544/544), 22.07 MiB | 40.71 MiB/s, done.
    Resolving deltas: 100% (418/418), completed with 40 local objects.
    From https://github.com/centminmod/centminmod
       b9d68d2..64eb310  123.08stable -> origin/123.08stable
       970db7a..a037290  123.09beta01 -> origin/123.09beta01
       8d0bf9d..e109f13  master     -> origin/master
    Updating 970db7a..a037290
    error: Your local changes to 'centmin.sh' would be overwritten by merge.  Aborting.
    Please, commit your changes or stash them before you can merge.
    
     
  9. Jimmy

    Jimmy Well-Known Member

    1,778
    388
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +987
    Local Time:
    10:28 PM
    I think you have a typo in your warning - shouldn't it be 1.11.1? Not 1.10.1

    Code:
    ###############################################################
    * Getting Started Guide - http://centminmod.com/getstarted.html
    * Find the latest Centmin Mod version - http://centminmod.com
    * Centmin Mod FAQ - http://centminmod.com/faq.html
    * Change Log - http://centminmod.com/changelog.html
    * Google+ Page latest news http://centminmod.com/gpage
    * Community Forums https://community.centminmod.com (signup)
    ###############################################################
    # Cheap VPS Hosting at Digitalocean
    # https://www.digitalocean.com/?refcode=c1cb367108e8
    ###############################################################
    
    ###############################################################
    * Current Nginx Version: 1.11.0
    * Latest Nginx Available: 1.10.1
    ###############################################################
    
     
    Last edited: Jun 1, 2016
  10. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    12:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    @trxerz

    need git stash first if you manually edited local files prior
    Code (Text):
    cd /usr/local/src/centminmod
    git stash
    git pull
    ./centmin.sh
    


    @Jimmy i pull version number from nginx read only github.com repo but that hasn't need updated beyond 1.10.1
     
  11. Duncan

    Duncan New Member

    3
    1
    3
    Aug 23, 2014
    Ratings:
    +1
    Local Time:
    11:28 PM
    Thanks!
     
  12. Jimmy

    Jimmy Well-Known Member

    1,778
    388
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +987
    Local Time:
    10:28 PM
    Upgrade to 1.11.1 went perfect.

    Thanks for letting everyone know so quickly @eva2000. :)
     
  13. Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    3:28 AM
    1.9.x
    10.1.x
    Is there any proof of concept for this?
     
  14. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    12:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    haven't see any.. let me know if you do find some
     
  15. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    12:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  16. deltahf

    deltahf Premium Member Premium Member

    582
    264
    63
    Jun 8, 2014
    Ratings:
    +483
    Local Time:
    10:28 PM
    Thanks for the email, eva! All updated. (y)
     
  17. Mask

    Mask Active Member

    108
    31
    28
    Nov 10, 2014
    Ratings:
    +37
    Local Time:
    7:28 AM
    Nginx 1.9.1
    MariaDB 10.0.19
    Hello,

    Do I have to update to 123.09beta01 to get it working ??
    Because I just tried it with my 123.08stable install and it ended up in error. :(

    This is what I did. (On 123.08stable)
    Ran option 23, then sup option 1 and 2 (so I have up-tp-date stable branch files)
    Ran option 4 to upgrade Nginx and it ended up in error like this
    Code:
        Code coverage ................... : no
    
    make[2]: Leaving directory `/svr-setup/pcre-8.37'
    make[1]: *** [../pcre-8.37/Makefile] Error 2
    make[1]: Leaving directory `/svr-setup/nginx-1.11.1'
    make: *** [build] Error 2
    
    real    0m4.764s
    user    0m2.287s
    sys     0m2.776s
    
    strip nginx binary...
    ls: cannot access objs/nginx: No such file or directory
    strip: 'objs/nginx': No such file
    ls: cannot access objs/nginx: No such file or directory
    
    
    Sat Jun 11 02:56:58 PKT 2016
    Success: Nginx make ok
    
    make -f objs/Makefile install
    make[1]: Entering directory `/svr-setup/nginx-1.11.1'
    cd ../pcre-8.37 \
    && if [ -f Makefile ]; then make distclean; fi \
    && CC="ccache /usr/bin/clang -ferror-limit=0" CFLAGS="-O2 -pipe " \
    ./configure --disable-shared  --enable-jit
    make[2]: Entering directory `/svr-setup/pcre-8.37'
    cd . && /bin/sh /svr-setup/pcre-8.37/missing automake-1.15 --gnu Makefile
    /svr-setup/pcre-8.37/missing: line 81: automake-1.15: command not found
    WARNING: 'automake-1.15' is missing on your system.
             You should only need it if you modified 'Makefile.am' or
             'configure.ac' or m4 files included by 'configure.ac'.
             The 'automake' program is part of the GNU Automake package:
             <http://www.gnu.org/software/automake>
             It also requires GNU Autoconf, GNU m4 and Perl in order to run:
             <http://www.gnu.org/software/autoconf>
             <http://www.gnu.org/software/m4/>
             <http://www.perl.org/>
    make[2]: *** [Makefile.in] Error 127
    make[2]: Leaving directory `/svr-setup/pcre-8.37'
    make[1]: *** [../pcre-8.37/Makefile] Error 2
    make[1]: Leaving directory `/svr-setup/nginx-1.11.1'
    make: *** [install] Error 2
    
    real    0m0.043s
    user    0m0.026s
    sys     0m0.020s
    
    Sat Jun 11 02:57:01 PKT 2016
    Success: Nginx was installed properly
    Last line says its installed properly but I am still on Nginx 1.9.11
    I am on CentOS Linux release 7.2.1511 .... If that makes any difference.

    Anyone else seeing this ??
     
  18. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    12:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    after menu option 23 steps, did you exit centmin.sh and change back into /usr/local/src/centminmod and re-run centmin.sh menu option 4 ? you need to do this otherwise you run option 4 against old code not the new updated code
     
  19. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    12:28 PM
    Any idea why it's taking so long time?

    Receiving objects: 51% (6645/12869), 325.98 MiB | 646.00 KiB/s

    @eva2000
     
  20. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    12:28 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    probably your servers network connectivity to github.com or github is having issues GitHub System Status

    GitHub System Status