CVE-2013-2028 : Buffer Overflow vulnerability fixed in nginx 1.5.0, 1.4.1

Security researcher Greg MacManus from iSIGHT Partners Labs discovered a stack-based buffer overflow in several recent versions of the NGINX web server.

Greg MacManus, a security researcher from iSIGHT Partners Labs, discovered a critical security flaw in several recent versions of NGINX, an open source web server.

"A stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting in arbitrary code execution"

The security flaw, now identified as CVE-2013-2028, affects nginx versions 1.3.9 - 1.4.0. The NGINX developers have released a patch that fixes this vulnerability.

The problem is fixed in nginx 1.5.0 and 1.4.1. A patch for the problem can be found here: http://nginx.org/download/patch.2013.chunked.txt
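
A version check built from the range above, as an added example that is not part of the original post or of the nginx project: it parses the banner printed by `nginx -v` and reports whether the version falls in 1.3.9 - 1.4.0. The function names are hypothetical, and it assumes the reported version number reflects the code actually running (a vendor build that applied the patch without changing the version would still be reported as affected).

```shell
#!/bin/sh
# Added example: classify an nginx version against the range given in the
# advisory (affected 1.3.9 - 1.4.0; fixed in 1.4.1 and 1.5.0).
# Function names are hypothetical; sample banners in comments are constructed.

# Extract "X.Y.Z" from text such as "nginx version: nginx/1.4.0 (Ubuntu)".
nginx_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's|.*nginx/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Turn X.Y.Z into one integer so that components compare numerically
# (1.3.10 must sort after 1.3.9, which a plain string comparison gets wrong).
version_key() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# Print "affected", "not-affected" or "unknown" for a version banner.
cve_2013_2028_status() {
    ver=$(nginx_version_from_banner "$1")
    if [ -z "$ver" ]; then
        echo unknown            # no nginx/X.Y.Z token found in the input
        return 0
    fi
    key=$(version_key "$ver")
    if [ "$key" -ge "$(version_key 1.3.9)" ] &&
       [ "$key" -le "$(version_key 1.4.0)" ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Check the locally installed binary, if there is one.
# nginx writes its version banner to stderr, hence the 2>&1.
if command -v nginx >/dev/null 2>&1; then
    echo "local nginx: $(cve_2013_2028_status "$(nginx -v 2>&1)")"
fi
```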