Possible Arbitrary Code Execution with Null Bytes (Nginx + PHP)

Joshua Zhu zhuzhaoyuan at gmail.com
Fri Aug 26 03:05:23 UTC 2011


Hi guys,

Just for your information, there is a security hole that may be exploited by
malicious users, when PHP and older versions of nginx (0.5.*, 0.6.*,
0.7 <= 0.7.65, 0.8 <= 0.8.37) being used. And it has been widely spread
these
days.

This vulnerability was found by Neal Poole and has been reported to Igor:
https://nealpoole.com/blog/2011/07/possible-arbitrary-code-execution-with-null-bytes-php-and-old-versions-of-nginx/

I do agree with Igor that it's not an issue of Nginx itself, but those lazy
system administrators should upgrade their Nginx to the latest version right

now.


Regards,

-- 
Joshua Zhu
Senior Software Engineer
Server Platforms Team at Taobao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20110826/823c1387/attachment.html>


More information about the nginx mailing list