oss-sec mailing list archives

Re: nginx security advisory (CVE-2013-2028)

From: Solar Designer <solar () openwall com>
Date: Wed, 22 May 2013 12:46:18 +0400

On Tue, May 07, 2013 at 05:44:36AM -0700, Andrew Alexeev wrote:

Greg MacManus, of iSIGHT Partners Labs, found a security problem
in several recent versions of nginx.  A stack-based buffer
overflow might occur in a worker process while handling a
specially crafted request, potentially resulting in arbitrary code
execution (CVE-2013-2028).


A recent blog post on the topic:

"Analysis of nginx 1.3.9/1.4.0 stack buffer overflow and x64
exploitation (CVE-2013-2028)"

http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/

Alexander

Current thread:

nginx security advisory (CVE-2013-2028) Andrew Alexeev (May 07)
- Re: nginx security advisory (CVE-2013-2028) Florian Weimer (May 07)
- Re: nginx security advisory (CVE-2013-2028) Solar Designer (May 22)