Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion

Hosting Discussion > Web Hosting Forums > Hardware and Server Configuration > Nginx :: ngx_http_close_connection function integer overflow exploit -- threat?
forgot password?


  Post #1 (permalink)   05-02-2013, 12:20 PM
HD Master
Join Date: Dec 2011
Location: Florida
Posts: 274
Send a message via Skype™ to SolidShellSecur

Status: SolidShellSecur is offline
As posted on our blog (with patches) I am curious as to what everyone thinks about this exploit. It technically has once again been dismissed by nginx due to not having a PoC to go along with it. Now we went ahead and patched the exploit non the less.

In the hosting industry a lot of people make use of nginx, but from what a friend told me who originally discovered this over a year ago and was dismissed by nginx dev team, you could carefully pass a command killall to nginx and it will kill itself for example.

So I am curious as to how everyone else see this exploit? A threat or just something not to worry about right now?
__________________ Providing Quality Support, Secure Hosting and Amazing Services.
STAY ALERT! Sign up for our security mailing list and always know when threats come out.

  Post #2 (permalink)   05-02-2013, 03:05 PM
HD Amateur
Join Date: Apr 2013
Location: Sweden
Posts: 65

Status: mikho is offline
If you found it and patched it, wouldn't it be easy for you to submit PoC to the nginX team ?
-_- -_- the guides to administer your lowend vps
Like on Facebook and follow on Twitter

$3 / year shared hosting found here

  Post #3 (permalink)   05-08-2013, 10:18 AM
HD Newbie
Join Date: Apr 2013
Posts: 39

Status: Iniz is offline
They recently released an advisory note:
Iniz - Budget VPS - SSD VPS
4 Locations & Growing

Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: