Caught this on a few security websites... anyone seen something similar?
However, "Qihoo 360 is the leading provider of defensive and offensive web cloud security of China."
Snake oil salesman?
-- copy/paste
Website: http://safe3.com.cn
I. BACKGROUND
Nginx is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. For a long time, it has been running on many heavily loaded Russian sites including Yandex, Mail.Ru, VKontakte, and Rambler. According to Netcraft nginx served or proxied 12.96% busiest sites in April 2013. Here are some of the success stories: Netflix, Wordpress.com, FastMail.FM.
II. DESCRIPTION
Qihoo 360 Web Security Research Team discovered a critical vulnerability in nginx.
The vulnerability is caused by a int overflow error within the Nginx
ngx_http_close_connection function when r->count is less then 0 or more then 255, which could be exploited
by remote attackers to compromise a vulnerable system via malicious http requests.
III. AFFECTED PRODUCTS
Nginx all latest version
IV. Exploits/PoCs
In-depth technical analysis of the vulnerability and a fully functional remote code execution exploit are available through the safe3q@gmail.com
In src\http\ngx_http_request_body.c ngx_http_discard_request_body function,we can make r->count++.
V. VUPEN Threat Protection Program
VI. SOLUTION
Validate the r->count input.
VII. CREDIT
This vulnerability was discovered by Safe3 of Qihoo 360.
VIII. ABOUT Qihoo 360
Qihoo 360 is the leading provider of defensive and offensive web cloud security of China.
IX. REFERENCES
http://nginx.org/en/