Nginx ldap-auth Remote Code Execution Vulnerability
source link: https://www.hkcert.org/security-bulletin/nginx-ldap-auth-remote-code-execution-vulnerability_20220412
RISK: Medium Risk
TYPE: Servers - Web Servers
A vulnerability was identified in Nginx ldap-auth. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
Impact
- Remote Code Execution
System / Technologies affected
- Nginx with ldap‑auth daemon
- Nginx Plus with ldap‑auth daemon
Note: Deployments of the LDAP reference implementation are affected by the vulnerability if any of the following conditions apply.
- Command-line parameters are used to configure the Python daemon
- There are unused, optional configuration parameters
- LDAP authentication depends on specific group membership
Solutions
Nginx has suggested mitigation options to protect customers.
https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/
Vulnerability Identifier
Note: No CVE information is available for this vulnerability