Closed Bug 1041203 Opened 11 years ago Closed 11 years ago

nginx SPDY heap buffer overflow in loads.services.mozilla.com

Categories

(Cloud Services :: Web Site - Deprecated, defect)

defect
Not set
normal

Tracking

(Not tracked)

VERIFIED INVALID

People

(Reporter: gopiengg, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [site:loads.services.mozilla.com][reporter-external])

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 (Beta/Release)
Build ID: 20140506152807

Steps to reproduce:

A heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. The problem affects nginx compiled with the ngx_http_spdy_module module (which is not compiled by default) and without --with-debug configure option, if the "spdy" option of the "listen" directive is used in a configuration file.

Actual results:

Impact: An attacker can cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution.

Fix: upgrade to latest version

Expected results:

reference: http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html
updated to 1.6.0
This server did not have SPDY enabled so we were not vulnerable to this particular issue
Flags: sec-bounty-
Whiteboard: [site:loads.services.mozilla.com][reporter-external]
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
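The triage above turns on the four conditions in the report all holding at once: an affected version, the SPDY module compiled in, no --with-debug, and a "listen" directive carrying "spdy". The following is an added example, not part of this bug or of Mozilla's tooling, that checks them against `nginx -V` output and configuration text; the function names and sample inputs are constructed for illustration, and `--with-http_spdy_module` is the configure flag that builds ngx_http_spdy_module.

```python
import re

# Constructed sample of `nginx -V` output (nginx prints it on stderr).
NGINX_V = ("nginx version: nginx/1.4.6\n"
           "configure arguments: --prefix=/etc/nginx --with-http_ssl_module "
           "--with-http_spdy_module\n")
# Constructed configs: one with SPDY only in a comment, one with it enabled.
CONF_NO_SPDY = "server {\n    listen 443 ssl;  # listen 443 ssl spdy;\n}\n"
CONF_SPDY = "server {\n    listen 443\n        ssl spdy;\n}\n"

def parse_version(nginx_v):
    m = re.search(r"nginx version: nginx/(\d+)\.(\d+)\.(\d+)", nginx_v)
    if not m:
        raise ValueError("no nginx version line found")
    return tuple(int(x) for x in m.groups())

def version_affected(v):
    # Ranges as stated in the report: 1.3.15 before 1.4.7, 1.5.x before 1.5.12.
    return (1, 3, 15) <= v < (1, 4, 7) or (1, 5, 0) <= v < (1, 5, 12)

def spdy_listeners(conf):
    # Strip comments first so a commented-out directive is not counted.
    text = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    found = []
    for m in re.finditer(r"\blisten\s+([^;]+);", text):
        params = m.group(1).split()  # a directive may span several lines
        if "spdy" in params:
            found.append(" ".join(params))
    return found

def assess(nginx_v, conf):
    """Return (exposed, checks); exposed only if every condition holds."""
    args = nginx_v.split()
    checks = {
        "affected_version": version_affected(parse_version(nginx_v)),
        "spdy_module_built": "--with-http_spdy_module" in args,
        "built_without_debug": "--with-debug" not in args,
        "spdy_on_listen": bool(spdy_listeners(conf)),
    }
    return all(checks.values()), checks

if __name__ == "__main__":
    for name, conf in (("no spdy", CONF_NO_SPDY), ("spdy", CONF_SPDY)):
        print(name, assess(NGINX_V, conf))
```

Pass `conf` the concatenated text of the main file and every file it includes, since a `listen ... spdy` in any server block counts.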
OK. Thanks.
Status: RESOLVED → VERIFIED
Group: mozilla-services-security