Welcome! Log In Create A New Profile

Re: null pointer dereference vulnerability in 0.1.0-0.8.13

Forum List Message List New Topic Print View

San

October 26, 2009 06:58PM

Registered: 14 years ago
Posts: 62

Adrenalin пишет:
> Спасибо !
>
> Вот только експлойт в паблике с 22 окт.
> http://seclists.org/fulldisclosure/2009/Oct/306 ;)
> Так как автор пишет "tested on versions 0.7.0 <= 0.7.61, 0.6.0 <=
> 0.6.38, 0.5.0 <= 0.5.37, 0.4.0
> <= 0.4.14" думал что "nginx-0.7.62, nginx-0.6.39 и nginx-0.5.38"
> неуязвимы, а нетушки
>
> 2009/10/26 Igor Sysoev <is@rambler-co.ru>:
>
>> On Mon, Oct 26, 2009 at 09:14:52PM +0200, Anton V. Antonenko wrote:
>>
>>
>>> 26 октября 2009 г. 20:45 пользователь Igor Sysoev <is@rambler-co.ru>написал:
>>>
>>>
>>>> Патч для устранения null pointer dereference vulnerability для тех,
>>>> кто ещё не перешёл на последние stable и legacy stable версии.
>>>> Патч не нужен для версий 0.8.14+, 0.7.62+, 0.6.39+ и 0.5.38+.
>>>>
>>> Что позволяет данная уязвимость? Кроме сегфолта чем это чревато?
>>>
>> Только сегфолты.
>>
>>
>> --
>> Игорь Сысоев
>> http://sysoev.ru
>>
>>
>>
Опробовал сплоит на своих серверах...
2 штуки FreeBSD nginx/0.7.62
1 штука Linux Gentoo nginx/0.7.62
сплоит не работает...
Руками нечего не патчил.. все ставил с портов...

Reply Quote

RSS

Subject	Author	Posted
null pointer dereference vulnerability in 0.1.0-0.8.13	Igor Sysoev	October 26, 2009 02:54PM
Re: null pointer dereference vulnerability in 0.1.0-0.8.13	Anton V. Antonenko	October 26, 2009 03:22PM
Re: null pointer dereference vulnerability in 0.1.0-0.8.13	Igor Sysoev	October 26, 2009 04:48PM
Re: null pointer dereference vulnerability in 0.1.0-0.8.13	Adrenalin	October 26, 2009 06:16PM
Re: null pointer dereference vulnerability in 0.1.0-0.8.13	San	October 26, 2009 06:58PM
Re: null pointer dereference vulnerability in 0.1.0-0.8.13	Igor Sysoev	October 27, 2009 02:06AM
Re: null pointer dereference vulnerability in 0.1.0-0.8.13	Михаил Монашёв	October 27, 2009 05:26PM
Re: null pointer dereference vulnerability in 0.1.0-0.8.13	Executier Godlike	October 27, 2009 07:06PM
Re: null pointer dereference vulnerability in 0.1.0-0.8.13	Gena Makhomed	October 28, 2009 07:28AM
Re: null pointer dereference vulnerability in 0.1.0-0.8.13	Executier Godlike	October 28, 2009 11:24AM
"premature optimization is the root of all evil"	Gena Makhomed	October 28, 2009 03:54PM
Re: "premature optimization is the root of all evil"	Kostya Alexandrov	October 28, 2009 04:44PM
Re: "premature optimization is the root of all evil"	Executier Godlike	October 29, 2009 05:38AM
Re: "premature optimization is the root of all evil"	Executier Godlike	October 29, 2009 05:42AM
Re: "premature optimization is the root of all evil"	Gena Makhomed	October 29, 2009 07:04AM
Re: "premature optimization is the root of all evil"	Pavel Labushev	October 29, 2009 09:44AM
Re: null pointer dereference vulnerability in 0.1.0-0.8.13	Михаил Монашёв	October 28, 2009 11:40AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 113

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018