Welcome! Log In Create A New Profile

Advanced

Re: Strange advisory

May 10, 2014 03:42PM
Hello,

This has not been fixed in current nginx releases, this is not
directly related to nginx either, the problem is outdated terminal
emulators would parse the potentially malicious commands in the log
file. This answer http://unix.stackexchange.com/a/15210 explains it
better.

---
Regards,
Kurt Cancemi


On Sat, May 10, 2014 at 2:59 PM, B.R. <reallfqq-nginx@yahoo.fr> wrote:
> I just saw something strange on
> http://nginx.org/en/security_advisories.html:
> "An error log data are not sanitized
> Severity: none
> CVE-2009-4487
> Not vulnerable: none
> Vulnerable: all"
>
> Severity is labelled as 'None', though the CVE talks, among other stuff,
> about 'arbitrary commands and file write'.
> Is your advisories page wrong? Is the CVE wrong? Has this been solved?
> ---
> B. R.
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Strange advisory

B.R. May 10, 2014 03:02PM

Re: Strange advisory

x64architecture May 10, 2014 03:42PM

RE: Strange advisory

Lukas Tribus May 10, 2014 03:46PM

Re: Strange advisory

B.R. May 11, 2014 12:28AM

Re: Strange advisory

itpp2012 May 11, 2014 05:12AM

Re: Strange advisory

Valentin V. Bartenev May 13, 2014 04:24AM

Re: Strange advisory

B.R. May 13, 2014 09:46AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 329
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready