oss-sec mailing list archives

nginx security advisory (CVE-2013-2028)

From: Andrew Alexeev <andrew () nginx com>
Date: Tue, 7 May 2013 05:44:36 -0700

Hello!

Greg MacManus, of iSIGHT Partners Labs, found a security problem
in several recent versions of nginx.  A stack-based buffer
overflow might occur in a worker process while handling a
specially crafted request, potentially resulting in arbitrary code
execution (CVE-2013-2028).

The problem affects nginx 1.3.9 - 1.4.0.

The problem is fixed in nginx 1.5.0, 1.4.1.

Patch for the problem can be found here:

http://nginx.org/download/patch.2013.chunked.txt

As a temporary workaround the following configuration
can be used in each server{} block:

   if ($http_transfer_encoding ~* chunked) {
       return 444;
   }


-- 
Andrew Alexeev
Nginx, Inc.

Current thread:

nginx security advisory (CVE-2013-2028) Andrew Alexeev (May 07)
- Re: nginx security advisory (CVE-2013-2028) Florian Weimer (May 07)
- Re: nginx security advisory (CVE-2013-2028) Solar Designer (May 22)