lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <201304250652.r3P6qJvK032079@sf01web2.securityfocus.com> Date: Thu, 25 Apr 2013 06:52:19 GMT From: safe3q@...il.com To: bugtraq@...urityfocus.com Subject: Nginx ngx_http_close_connection function integer overflow Website: http://safe3.com.cn I. BACKGROUND --------------------- Nginx is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VKontakte, and Rambler. According to Netcraft nginx served or proxied 12.96% busiest sites in April 2013. Here are some of the success stories: Netflix, Wordpress.com, FastMail.FM. II. DESCRIPTION --------------------- Qihoo 360 Web Security Research Team discovered a critical vulnerability in nginx. The vulnerability is caused by a int overflow error within the Nginx ngx_http_close_connection function when r->count is less then 0 or more then 255, which could be exploited by remote attackers to compromise a vulnerable system via malicious http requests. III. AFFECTED PRODUCTS --------------------------- Nginx all latest version IV. Exploits/PoCs --------------------------------------- In-depth technical analysis of the vulnerability and a fully functional remote code execution exploit are available through the safe3q@...il.com In src\http\ngx_http_request_body.c ngx_http_discard_request_body function,we can make r->count++. V. VUPEN Threat Protection Program ----------------------------------- VI. SOLUTION ---------------- Validate the r->count input. VII. CREDIT -------------- This vulnerability was discovered by Safe3 of Qihoo 360. VIII. ABOUT Qihoo 360 --------------------------- Qihoo 360 is the leading provider of defensive and offensive web cloud security of China. IX. REFERENCES ---------------------- http://nginx.org/en/
Powered by blists - more mailing lists