An interesting nginx vulnerability

What is nginx

Nginx is a web server, similar to Apache. It was designed much later than Apache, and is faster. Due to its speed, it's often used in combination with Apache, or as a replacement for Apache. The market share of nginx has increased in recent years. So, when you navigate to http://www.hackers.mu/, your request is taken care of by the HTTP server. I use Apache for logan.hackers.mu. I could also have used nginx.

Security vulnerability

A security vulnerability is a coding error that allows an attacker to take advantage of the flaw to get some form of control over the server. Nginx has its fair share of vulnerabilities. I'm going to talk about a particular vulnerability: CVE-2013-2028.

CVE-2013-2028

A stack-based overflow is usually one of the easiest types of overflow that can be used to remotely take control of a server. CVE-2013-2028 is one such vulnerability. In the HTTP format, there's a field known as the HTTP header. One of the options that can be used for this header is the chunked transfer-encoding mechanism. In this particular case, this field was supposed to hold a value up to a maximum size. What happens if you go beyond it? Well, it overflows. As the original nginx code contained no way to handle this particular case, an attacker can leverage this to his advantage. He can put a large chunk size, and inject other code that grants him remote access to the server. The server can then be controlled remotely. The attacker can change the contents of the website, for example, or use the server to attack other servers on the Internet.
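A simplified illustration of the failure described above, added here as an example and not taken from nginx's source: an unbounded chunk-size parse lets an oversized value become an over-long read length for a fixed buffer, while a bounded parse rejects it. The function names, the 4096-byte buffer size and the sample input are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 4096 /* assumed size of the fixed stack buffer */

/* Unchecked parse (lowercase hex only): accumulates digits with no upper
 * bound, so a long enough value wraps and reads back as a negative size. */
int64_t parse_unchecked(const char *s) {
    uint64_t n = 0;
    for (; (*s >= '0' && *s <= '9') || (*s >= 'a' && *s <= 'f'); s++)
        n = n * 16 + (uint64_t)(*s <= '9' ? *s - '0' : *s - 'a' + 10);
    return (int64_t)n;
}

/* Naive length: a signed "min" followed by a cast. A negative size passes
 * the comparison and becomes a huge size_t, far larger than BUF_SIZE. */
size_t read_len_naive(int64_t size) {
    return (size_t)(size < BUF_SIZE ? size : BUF_SIZE);
}

/* Checked parse: rejects empty input, non-hex input and any value that
 * would overflow. Returns 0 on success, -1 on rejection. */
int parse_checked(const char *s, int64_t *out) {
    int64_t n = 0;
    if (*s == '\0') return -1;
    for (; *s; s++) {
        int v;
        if (*s >= '0' && *s <= '9') v = *s - '0';
        else if (*s >= 'a' && *s <= 'f') v = *s - 'a' + 10;
        else return -1;
        if (n > (INT64_MAX - v) / 16) return -1; /* would overflow */
        n = n * 16 + v;
    }
    *out = n;
    return 0;
}

int main(void) {
    const char *big = "ffffffffffffffff"; /* constructed oversized chunk size */
    int64_t size = 0;
    int rc = parse_checked("1a", &size);
    printf("naive read length for oversized value: %zu\n",
           read_len_naive(parse_unchecked(big)));
    printf("checked parse of oversized value: %d\n", parse_checked(big, &size));
    printf("checked parse of \"1a\": %d (%lld bytes)\n", rc, (long long)size);
    return 0;
}
```

The checked parser refuses the request before any length is computed, so the fixed buffer is never asked to hold more than `BUF_SIZE` bytes.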

If you would like to have additional details, please let me know :)