Date: Wed, 22 May 2013 12:46:18 +0400 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Cc: Andrew Alexeev <andrew@...nx.com> Subject: Re: nginx security advisory (CVE-2013-2028) On Tue, May 07, 2013 at 05:44:36AM -0700, Andrew Alexeev wrote: > Greg MacManus, of iSIGHT Partners Labs, found a security problem > in several recent versions of nginx. A stack-based buffer > overflow might occur in a worker process while handling a > specially crafted request, potentially resulting in arbitrary code > execution (CVE-2013-2028). A recent blog post on the topic: "Analysis of nginx 1.3.9/1.4.0 stack buffer overflow and x64 exploitation (CVE-2013-2028)" http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/ Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ