Date: Tue, 07 May 2013 16:36:54 +0200 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com CC: Andrew Alexeev <andrew@...nx.com> Subject: Re: nginx security advisory (CVE-2013-2028) On 05/07/2013 02:44 PM, Andrew Alexeev wrote: > Hello! > > Greg MacManus, of iSIGHT Partners Labs, found a security problem > in several recent versions of nginx. A stack-based buffer > overflow might occur in a worker process while handling a > specially crafted request, potentially resulting in arbitrary code > execution (CVE-2013-2028). > > The problem affects nginx 1.3.9 - 1.4.0. Isn't similar code in older version (say, 1.2.6) in src/http/modules/ngx_http_proxy_module.c? > The problem is fixed in nginx 1.5.0, 1.4.1. > > Patch for the problem can be found here: > > http://nginx.org/download/patch.2013.chunked.txt I think this fix is not quite correct because it is not possible to detect signed integer overflow in C after it has happened. (Curiously, the original fix for CVE-2002-0392 had the same issue.) -- Florian Weimer / Red Hat Product Security Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ