Remote Code Execution in nginx with nJS

Posted on Monday 3rd June 2019

Serious vulnerabilities have been identified within nginx server when the nJS module is enabled. These vulnerabilities could be exploited by an attacker to execute code on the server, potentially leading to a complete compromise of the server environment.

nginx Logo
nginx Logo

The nginx server is behind approximately 30% of the world’s websites and while it has had its share of bugs and security updates, no serious exploits have been published for nginx so far.

New nginx Security Research

That may be set to change after a number of vulnerabilities were privately reported by an independent security researcher, Alisa Esage. The most serious of which may enable an attacker to run their own code on the underlying server, potentially compromising the entire server environment including applications on the server and the databases they interact with.

The severity of these vulnerabilities and the significant market share of nginx mean that these bugs are likely to attract a lot of attention both from security companies looking to improve defenses and protections, and from criminal hackers looking to attack affected servers. It may only be a matter of time before working exploit code is produced and published.

The nginx team have yet to publish an official security advisory.

What Can You Do?

The nginx team have reportedly fixed one of the vulnerabilities in nJS version 0.3.2 and a further fix will be included in version 0.3.3 so it is important to update your servers and ensure that future updates are installed as they become available. The command njs -v can be used to determine the version of nJS installed on a server as shown in the following screenshot.

Checking the njs version with the nvs -v command.
Checking the nJS version with nvs -v

We recommend ensuring that you have a software patching policy and process in place so that security updates are applied in a timely manner. This should apply to all software on all systems including servers and workstations. A backup policy and process should also be in place to ensure that systems can be restored quickly in the event of a compromise.

Regular vulnerability scanning of your IT environment helps to ensure that you will be alerted whenever systems become affected by security vulnerabilities.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *.