nginx security threat:

I. BACKGROUND
â€”â€”â€”â€”â€”â€”â€”
Nginx is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VKontakte, and Rambler. According to Netcraft nginx served or proxied 12.96% busiest sites in April 2013. Here are some of the success stories: Netflix, WordPress.com, FastMail.FM.
II. DESCRIPTION
â€”â€”â€”â€”â€”â€”â€”
Qihoo 360 Web Security Research Team discovered a critical vulnerability in nginx.
The vulnerability is caused by a int overflow error within the Nginx
ngx_http_close_connection function when r->count is less then 0 or more then 255, which could be exploited
by remote attackers to compromise a vulnerable system via malicious http requests.
III. AFFECTED PRODUCTS
â€”â€”â€”â€”â€”â€”â€”â€”â€”
Nginx all latest version
IV. Exploits/PoCs
â€”â€”â€”â€”â€”â€”â€”â€”â€”â€”â€”â€”â€”
In-depth technical analysis of the vulnerability and a fully functional remote code execution exploit are available through the safe3q (at) gmail (dot) com [email concealed]
In src\http\ngx_http_request_body.c ngx_http_discard_request_body function,we can make r->count++.
V. VUPEN Threat Protection Program
â€”â€”â€”â€”â€”â€”â€”â€”â€”â€”â€”â€“
VI. SOLUTION
â€”â€”â€”â€”â€”-
Validate the r->count input.
VII. CREDIT
â€”â€”â€”â€”â€“
This vulnerability was discovered by Safe3 of Qihoo 360.
VIII. ABOUT Qihoo 360
â€”â€”â€”â€”â€”â€”â€”â€”â€”
Qihoo 360 is the leading provider of defensive and offensive web cloud security of China.
IX. REFERENCES
â€”â€”â€”â€”â€”â€”â€”-
http://nginx.org/en/
Click to expand...

Patch and more info:
http://blog.solidshellsecurity.com/2013/04/29/nginx-ngx_http_close_connection-function-integer-overflow-exploit-patch/

Log in or Sign up

nginx security threat:

TiffanyJ.SSS Member

Log in or Sign up

nginx security threat:

TiffanyJ.SSS Member

Useful Searches