nginx security advisory (CVE-2013-2028)

Post author:g33kadmin
Post published:May 7, 2013
Post category:General Info

Hello!

Greg MacManus, of iSIGHT Partners Labs, found a security problem in several recent versions of nginx. A stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting in arbitrary code execution (CVE-2013-2028).

The problem affects nginx 1.3.9 – 1.4.0.

The problem is fixed in nginx 1.5.0, 1.4.1.

Patch for the problem can be found here:

http://nginx.org/download/patch.2013.chunked.txt

As a temporary workaround the following configuration
can be used in each server{} block:
if ($http_transfer_encoding ~* chunked) { return 444; }

g33kadmin

I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....

Linux Shtuff Posts

January 8, 2010/

1 Comment
Open-Source Alternative to

June 2, 2022/

0 Comments
DragonflyDB

June 1, 2022/

0 Comments
Gitnoter

June 1, 2022/

0 Comments
Orion Browser

June 1, 2022/

0 Comments
Chaos Mesh

May 5, 2022/

0 Comments

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Please Share This Share this content

g33kadmin

You Might Also Like

How Linux works: the ultimate guide

My Business Card Runs Linux • &> /dev/null

How to Disable Ping

Share this content