null pointer dereference vulnerability in 0.1.0-0.8.13.

Pior Bastida pior at pbastida.net
Sat Oct 31 14:43:02 MSK 2009


On Friday 30 October 2009 17:32:48 Igor Sysoev wrote:
> On Fri, Oct 30, 2009 at 05:22:41PM +0100, Pior Bastida wrote:
> > On Monday 26 October 2009 19:46:58 Igor Sysoev wrote:
> > > A patch to fix null pointer dereference vulnerability in 0.1.0-0.8.13.
> > > The patch is not required for versions 0.8.15+, 0.7.62+, 0.6.39+,
> > > 0.5.38+.
> >
> > Hello Igor,
> >
> > Can you confirm that it's related to this vulnerability?
> >
> > http://www.securityfocus.com/bid/36839
>
> Yes. However, it's not a buffer overflow as stated there.
> The published exploit causes always a null pointer dereference only
> and you can not execute arbitrary code as stated there.

Thank you !

-- 
Pior Bastida
pior at pbastida.net





More information about the nginx mailing list