Has anyone seen this nginx integer overflow vulnerability?
Caught this on a few security websites... anyone seen something similar?
However, "Qihoo 360 is the leading provider of defensive and offensive web cloud security of China."
Snake oil salesman?
-- copy/paste
Website: http://safe3.com.cn
I. BACKGROUND
Nginx is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VKontakte, and Rambler. According to Netcraft nginx served or proxied 12.96% busiest sites in April 2013. Here are some of the success stories: Netflix, Wordpress.com, FastMail.FM.
II. DESCRIPTION
Qihoo 360 Web Security Research Team discovered a critical vulnerability in nginx.
The vulnerability is caused by an int overflow error within the Nginx ngx_http_close_connection function when r->count is less than 0 or more than 255, which could be exploited by remote attackers to compromise a vulnerable system via malicious HTTP requests.
III. AFFECTED PRODUCTS
Nginx all latest version
IV. Exploits/PoCs
In-depth technical analysis of the vulnerability and a fully functional remote code execution exploit are available through the [email protected]
In src\http\ngx_http_request_body.c ngx_http_discard_request_body function, we can make r->count++.
V. VUPEN Threat Protection Program
VI. SOLUTION
Validate the r->count input.
VII. CREDIT
This vulnerability was discovered by Safe3 of Qihoo 360.
VIII. ABOUT Qihoo 360
Qihoo 360 is the leading provider of defensive and offensive web cloud security of China.
Comments
Where is the patch if they've really tracked it down enough to say that?
> Unfortunately we weren't approached by "Qihoo 360 Web Security Research Team" before this publication went out through bugtraq.
>
> We are now trying to obtain more information from that team without much success.
>
> We've also analyzed their report and we can't conclude this is a real vulnerability yet; from the descriptions provided it still looks like it's somewhat spurious.
>
> We are trying to continue investigation though.
>
> Regrettably responsible disclosure isn't always the case. However, we can't yet confirm it's a full one either.
safe3.com.cn doesn't look very reputable to me
I know if you guys can patch the thank button code in Vanilla that somebody here can verify/deny the snakeoil salesman claim
"Defensive and Offensive Cloud Security" was interesting. Offensive, like flatulence?
http://nginx.org/en/security_advisories.html
Qihoo is notorious in China for producing "cloud security software" that's basically borderline malware.
We do not use nginx..
I agree.
This has nothing to do with what they're talking about.
Qihoo 360 is sh*t; no comment on the nginx issue, as I'm not an expert on it.
Wouldn't be surprised if it was a bad compiler.
Is dewlance... you know... ¬¬
True, sometimes that happens :S
That's what I was waiting for, considering the popularity of nginx on this forum.