Welcome! Log In Create A New Profile

Advanced

Vulnerability

Posted by bender 
Vulnerability
April 26, 2013 07:27PM
Is anyone looking into this one?

http://packetstormsecurity.com/files/121416/nginx-Integer-Overflow.html
Re: Vulnerability
April 30, 2013 11:30PM
According to the exploit author:

"Because it will cause greate damage,I can't give you the POC,instead a
tip.The r->count is a 8 bit data,if you try to increase the
r->main->count to more then 256,then it will exec
ngx_http_free_request(r, rc) and ngx_http_close_connection(c),so when
goto ngx_http_close_connection again,the segment fault happens.
Easy patch to modify src\http\ngx_http_request.h file,change count:8;
to count:16;"
Re: Vulnerability
May 03, 2013 11:44AM
404
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 149
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready