Re: Nginx ngx_http_close_connection function integer overflow - can anyone confirm this?

[Andrew Alexeev <andrew () nginx com>]

On Apr 26, 2013, at 11:15 AM, Andrew Alexeev <andrew () nginx com> wrote:

> On Apr 26, 2013, at 9:48 AM, Alistair Crooks wrote:
>
> > On Thu, Apr 25, 2013 at 11:36:17PM -0600, Kurt Seifried wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > - From Bugtraq:
> > >
> > > http://www.securityfocus.com/archive/1/526439/30/0/threaded
> > >
> > > Website: http://safe3.com.cn
> >
> > Is this legit?
> >
> > I downloaded the index.html file with curl, and embedded around line 87
> > was a flash file:
>
> Unfortunately we weren't approached by "Qihoo 360 Web Security Research Team"
> before this publication went out through bugtraq.
>
> We are now trying to obtain more information from that team without much success.
>
> We've also analyzed their report and we can't conclude this is a real vulnerability yet.
> From the descriptions provided it still looks like it's somewhat spurious.
>
> We are trying to continue investigation though.
>
> Regrettably responsible disclosure isn't always the case. However, we can't yet confirm
> it's a full one either.

We've been also directly approached by Qihoo team couple of days ago.

After a thorough examination we can tell the following:

http://mailman.nginx.org/pipermail/nginx/2013-April/038701.html

Basically, we believe that nginx code distributed by Nginx Inc. is not affected by
the above mentioned report.


> > <table width="930" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
> > <tr><td>
> > <object type="application/x-shockwave-flash" data="/banner.swf?xml=/banner.xml" width="930" height="180">
> > <param name="movie" value="/banner.swf?xml=/banner.xml"/>
> > </object>
> > </td></tr>
> > <tr>
> >
> > so I took it to be an attempt at phishing.
> >
> > Maybe I'm just too paranoid in my old age?
> >
> > Regards,
> > Alistair