Skip to main content

Nginx ldap-auth Remote Code Execution Vulnerability

Release Date: 12 Apr 2022 5556 Views

RISK: Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

A vulnerability was identified in Nginx ldap-auth. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.


Impact

  • Remote Code Execution

System / Technologies affected

  • Nginx with ldap‑auth daemon
  • Nginx Plus with ldap‑auth daemon

 

Note: Deployments of the LDAP reference implementation are affected by the vulnerability if any of the following conditions apply. 

 

  1. Command-line parameters are used to configure the Python daemon
  2. There are unused, optional configuration parameters
  3. LDAP authentication depends on specific group membership

Solutions

Nginx has suggested mitigation options to protect customers.
https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/


Vulnerability Identifier

Note: No CVE information is available for this vulnerability


Source


Related Link