Major stack-based buffer overflow with specially crafted request affecting Nginx 1.3.9 and 1.4.0

There’s an update available for Nginx that brings it up to version 1.4.1. This update fixes a major stack-based buffer overflow that can be triggered by a specially crafted request on versions 1.3.9 and 1.4.0. The Linux/Cdorked.A backdoor is now showing up on nginx and lighttpd platforms and not just Apache, and it’s still unclear how this backdoor is making its way onto web servers, so it’s recommended that users update nginx to the latest version to hopefully avoid any obvious security issues.

You can find more information here:
http://nginx.org/en/CHANGES-1.4
http://nginx.org/en/security_advisories.html
http://www.net-security.org/secworld.php?id=14882