nginx SPDY heap buffer overflow in loads.services.mozilla.com

VERIFIED INVALID

Status

VERIFIED INVALID
5 years ago
5 years ago

People

(Reporter: gopiengg, Unassigned)

Tracking

unspecified
Points:
---
Bug Flags:
sec-bounty -

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [site:loads.services.mozilla.com][reporter-external])

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 (Beta/Release)
Build ID: 20140506152807

Steps to reproduce:

A heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. The problem affects nginx compiled with the ngx_http_spdy_module module (which is not compiled by default) and without --with-debug configure option, if the "spdy" option of the "listen" directive is used in a configuration file.


Actual results:

Impact:
An attacker can cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution 

Fix: upgrade to latest version


Expected results:

reference:
http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html
updated to 1.6.0
This server did not have SPDY enabled so we were not vulnerable to this particular issue
Flags: sec-bounty-
Whiteboard: [site:loads.services.mozilla.com][reporter-external]
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INVALID
OK. Thanks.
Status: RESOLVED → VERIFIED
Group: mozilla-services-security
You need to log in before you can comment on or make changes to this bug.