Nginx ldap-auth Remote Code Execution Vulnerability

Release Date: 12 Apr 2022 5386 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

A vulnerability was identified in Nginx ldap-auth. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

Impact

  • Remote Code Execution

System / Technologies affected

  • Nginx with ldap‑auth daemon
  • Nginx Plus with ldap‑auth daemon

 

Note: Deployments of the LDAP reference implementation are affected by the vulnerability if any of the following conditions apply. 

 

  1. Command-line parameters are used to configure the Python daemon
  2. There are unused, optional configuration parameters
  3. LDAP authentication depends on specific group membership

Solutions

Nginx has suggested mitigation options to protect customers.
https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/

Vulnerability Identifier

Note: No CVE information is available for this vulnerability

Source

Related Link

Related Tags

NginxRemote Code Execution

Share with

Previous

Google Chrome Multiple Vulnerabilities

12 Apr 2022 4137 Views

Next

SUSE Linux Kernel Multiple Vulnerabilities

13 Apr 2022 4493 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY