Re: CVE Request: nginx resolver heap overflow

[Kurt Seifried <kseifried () redhat com>]

On 11/16/2011 10:50 PM, Ben Hawkes wrote:
> Hi,
>
> The nginx team have released stable version 1.0.10, which includes a fix 
> for a heap overflow bug in the custom DNS resolver:
>
> http://trac.nginx.org/nginx/changeset/4268/nginx
>
> The resolver is most commonly used with the proxy and fastcgi modules,
> which are not enabled by default.
>
> In order to trigger this condition an attacker would need to be in
> control of an upstream resolver host, or be in a position to brute-force
> the weakly generated 16-bit transaction identifier.
>
> Thanks,
> Ben Hawkes
Do you need a CVE # for this issue?

-- 

-Kurt Seifried / Red Hat Security Response Team