Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 22 May 2013 12:46:18 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Andrew Alexeev <andrew@...nx.com>
Subject: Re: nginx security advisory (CVE-2013-2028)

On Tue, May 07, 2013 at 05:44:36AM -0700, Andrew Alexeev wrote:
> Greg MacManus, of iSIGHT Partners Labs, found a security problem
> in several recent versions of nginx.  A stack-based buffer
> overflow might occur in a worker process while handling a
> specially crafted request, potentially resulting in arbitrary code
> execution (CVE-2013-2028).

A recent blog post on the topic:

"Analysis of nginx 1.3.9/1.4.0 stack buffer overflow and x64
exploitation (CVE-2013-2028)"

http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ