Headline
CVE-2018-16845: Denial of service and memory disclosure via mp4 module
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
Description Sam Fowler 2018-10-31 04:02:02 UTC
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the mp4 module that allows for denial of service or worker process memory disclosure.
Comment 1 Borja Tarraso 2018-11-02 08:47:57 UTC
Acknowledgments:
Name: the Nginx project
Comment 2 Borja Tarraso 2018-11-02 15:06:50 UTC
Ansible Tower is not using ngx_http_mp4_module at all, therefore is not affected.
Comment 3 Borja Tarraso 2018-11-02 20:11:00 UTC
Already did some research and discuss with Satoe I. from CloudForms. CFME is not using in any way nginx more than the inclusion from Ansible Tower (not changed or altered configuration or used outside from Tower), and Ansible Tower is not affected, so CloudForms is also not affected; updating the task accordingly.
Comment 11 Riccardo Schirone 2018-11-08 10:21:06 UTC
ngx_http_mp4_read_atom() function in ngx_http_mp4_module.c file does not check if atom_size in a 64-bit atom in mp4 files is greater than the minimum value atom_header_size, which is 16 for 64-bit atoms. When atom_header_size is subtracted from atom_size, the result may underflow and cause various issues like infinite loops, when the size is 0, crashes or memory disclosure.
Comment 14 errata-xmlrpc 2018-11-26 12:06:57 UTC
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Via RHSA-2018:3652 https://access.redhat.com/errata/RHSA-2018:3652
Comment 15 errata-xmlrpc 2018-11-26 12:26:36 UTC
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6
Via RHSA-2018:3653 https://access.redhat.com/errata/RHSA-2018:3653
Comment 16 errata-xmlrpc 2018-11-27 09:03:01 UTC
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Via RHSA-2018:3680 https://access.redhat.com/errata/RHSA-2018:3680
Comment 17 errata-xmlrpc 2018-11-27 09:17:24 UTC
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Via RHSA-2018:3681 https://access.redhat.com/errata/RHSA-2018:3681