Date: Tue, 07 May 2013 16:36:54 +0200
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com
CC: Andrew Alexeev <andrew@...nx.com>
Subject: Re: nginx security advisory (CVE-2013-2028)

On 05/07/2013 02:44 PM, Andrew Alexeev wrote:
> Hello!
>
> Greg MacManus, of iSIGHT Partners Labs, found a security problem
> in several recent versions of nginx.  A stack-based buffer
> overflow might occur in a worker process while handling a
> specially crafted request, potentially resulting in arbitrary code
> execution (CVE-2013-2028).
>
> The problem affects nginx 1.3.9 - 1.4.0.

Isn't similar code in older versions (say, 1.2.6) in
src/http/modules/ngx_http_proxy_module.c?

> The problem is fixed in nginx 1.5.0, 1.4.1.
>
> Patch for the problem can be found here:
>
> http://nginx.org/download/patch.2013.chunked.txt

I think this fix is not quite correct because it is not possible to 
detect signed integer overflow in C after it has happened.  (Curiously, 
the original fix for CVE-2002-0392 had the same issue.)

-- 
Florian Weimer / Red Hat Product Security Team
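
The point made in the reply above, that signed overflow has to be ruled out before the arithmetic rather than tested for afterwards, as an added example that is not part of the original message and is not nginx code. The hex length-field scenario and the names `hex_val` and `parse_chunk_size` are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper (not from nginx): value of one hex digit, or -1. */
static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                       /* fold ASCII letters to lower case */
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Hypothetical parser: read a hex length of `len` digits into a signed
 * 64-bit value. Returns 0 on success, -1 on bad input or overflow. */
int parse_chunk_size(const char *s, size_t len, int64_t *out)
{
    int64_t size = 0;
    size_t i;

    if (len == 0) return -1;

    for (i = 0; i < len; i++) {
        int d = hex_val((unsigned char) s[i]);
        if (d < 0) return -1;

        /* Pre-check: reject if size * 16 + d would exceed INT64_MAX.
         * The comparison uses only in-range values, so no signed
         * overflow (undefined behaviour) is ever executed. */
        if (size > (INT64_MAX - d) / 16) return -1;

        size = size * 16 + d;
    }

    *out = size;
    return 0;
}

/* The after-the-fact pattern, for contrast:
 *     size = size * 16 + d;
 *     if (size < 0) return -1;
 * Here the overflow has already happened by the time the test runs.
 * Because signed overflow is undefined, a compiler is allowed to assume
 * it never occurs and remove the test entirely. */
```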
