Nginx SPDY Implementation Arbitrary Code Execution Vulnerability (CVE-2014-0088)

Release date:
Updated on:

Affected Systems:
Nginx 1.5.10
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67507
CVE (CAN) ID: CVE-2014-0088
 
Nginx is an HTTP and reverse proxy server. It is also used as a mail proxy server and compiled by Igor Sysoev.
 
When nginx SPDY Implementation 1.5.10 runs on a 32-bit platform, the ngx_http_spdy_module stores the SPDY Implementation, allowing remote attackers to execute arbitrary code with specially crafted requests.
 
<* Source: Lucas Molas

Link: http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Nginx
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://nginx.org/download/patch.2014.spdy.txt

Deployment of Nginx + MySQL + PHP in CentOS 6.2

Build a WEB server using Nginx

Build a Web server based on Linux6.3 + Nginx1.2 + PHP5 + MySQL5.5

Performance Tuning for Nginx in CentOS 6.3

Configure Nginx to load the ngx_pagespeed module in CentOS 6.3

Install and configure Nginx + Pcre + php-fpm in CentOS 6.4

Build a Video-on-Demand Server using Nginx (simulation of professional streaming media software)

Nginx details: click here
Nginx: click here

This article permanently updates the link address: