Critical vulnerability in NGINX allows complete takeover of affected systems. Exploit publicly available; patch now

Nginx's security team published a report on a critical vulnerability in its DNS resolver implementation. Tracked as CVE-2021-23017, successful exploitation of this vulnerability would allow threat actors to take full control of affected systems. The flaw has not yet received a score in the Common Vulnerability Scoring System (CVSS).

The risk is heightened because a publicly available exploit has already been confirmed. The report notes that the flaw stems from an off-by-one error in the ngx_resolver_copy() function during DNS response processing. Remote threat actors could abuse the error to write one character past the end of the allocated buffer, potentially allowing malicious code to be executed.

The flaw is triggered by a DNS response to an Nginx DNS query when the resolver directive is configured. A specially crafted packet would allow an attacker to overwrite the least significant metadata byte of the next stack block with 0x2E and execute code.
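The defensive pattern that prevents this class of bug is to bounds-check every write while converting DNS wire-format labels into dotted text, including the separator dots and the terminating NUL, and to refuse the name rather than write one byte too many. The following is an added example written for this article; it is not nginx's code and does not reproduce the exact logic of ngx_resolver_copy(). It is a simplified RFC 1035 name decoder with a constructed sample message (the `dns_sample` buffer is invented for the test), and it goes slightly beyond the page's specific case by also rejecting compression-pointer loops and out-of-range pointers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode one DNS wire-format name (RFC 1035 length-prefixed labels, with
 * 0xC0 compression pointers) starting at msg[off] into dotted text in dst.
 * Returns the text length (without NUL), or -1 on malformed input or when
 * dst cannot hold the name plus its NUL. Passing dst == NULL only measures.
 * Every write index is checked against dst_size before the write happens,
 * so an undersized buffer yields -1 instead of a one-byte overflow. */
static int dns_name_decode(const uint8_t *msg, size_t msg_len, size_t off,
                           char *dst, size_t dst_size)
{
    size_t out = 0;
    int hops = 0;

    for (;;) {
        if (off >= msg_len) return -1;
        uint8_t n = msg[off];

        if ((n & 0xC0) == 0xC0) {              /* compression pointer */
            if (off + 1 >= msg_len) return -1;
            if (++hops > 16) return -1;        /* guard against pointer loops */
            off = (size_t)((n & 0x3F) << 8) | msg[off + 1];
            continue;
        }
        if (n & 0xC0) return -1;               /* reserved label types */

        off++;
        if (n == 0) break;                     /* root label: end of name */
        if (off + n > msg_len) return -1;      /* label runs past message */

        if (out > 0) {                         /* separator before labels 2..N */
            if (dst) {
                if (out >= dst_size) return -1;
                dst[out] = '.';
            }
            out++;
        }
        if (dst) {
            if (out + n > dst_size) return -1;
            memcpy(dst + out, msg + off, n);
        }
        out += n;
        off += n;
    }

    if (dst) {
        if (out >= dst_size) return -1;        /* room for the NUL itself */
        dst[out] = '\0';
    }
    return (int)out;
}

/* Bytes a caller must allocate for the name at msg[off], NUL included,
 * or -1 if the name is malformed. */
static int dns_name_size(const uint8_t *msg, size_t msg_len, size_t off)
{
    int n = dns_name_decode(msg, msg_len, off, NULL, 0);
    return n < 0 ? -1 : n + 1;
}

/* Constructed sample (not a captured packet): three names stored back to back.
 * offset 0:  www.example.com
 * offset 17: "mail" followed by a pointer to offset 4 ("example.com")
 * offset 24: a pointer to itself, i.e. a malicious loop */
static const uint8_t dns_sample[] = {
    3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    4, 'm', 'a', 'i', 'l', 0xC0, 0x04,
    0xC0, 0x18
};

int main(void)
{
    char buf[64];
    size_t offs[] = { 0, 17, 24 };
    for (size_t i = 0; i < 3; i++) {
        int n = dns_name_decode(dns_sample, sizeof dns_sample, offs[i], buf, sizeof buf);
        if (n < 0) printf("offset %zu: rejected\n", offs[i]);
        else       printf("offset %zu: %s (%d bytes)\n", offs[i], buf, n);
    }
    return 0;
}
```

The important detail is the pair of checks around the separator and the final NUL: a sizing pass that counts labels but forgets one separator or the terminator is exactly how a one-byte overwrite with '.' (0x2E) arises, so the decoder never trusts a precomputed length and instead validates each write against the real buffer size.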

The flaw affects Nginx Open Source, Nginx Plus and the Nginx Ingress Controller. The full list of affected versions is available on the company's official channels.

The company's report also covers two further flaws in Nginx. The first, tracked as CVE-2021-23019, concerns a system.txt file included in the Nginx support package. Threat actors who obtain the support package could recover the administrator password and gain privileged access to the target system. This flaw received a CVSS score of 7.4/10.

CVE-2021-23021, on the other hand, exists because default permissions are applied incorrectly to the /etc/controller-agent/agent.conf agent configuration file. A local user with system access could read sensitive information such as the API key. The vulnerability allows a local user to escalate privileges on the system and received a CVSS score of 2.9/10. It can only be exploited locally, which reduces the risk of abuse.

Nginx has already released fixes for these security issues, so users of affected deployments are advised to install the updates as soon as possible.