Worker processes are forked from the master, which means they receive the same memory layout. You get unlimited crashes against the worker. There's probably a way to exploit that to get a read oracle. At the very least this is a reliable denial of service.
Worker processes are forked from the master, which means they receive the same memory layout. You get unlimited crashes against the worker. There's probably a way to exploit that to get a read oracle. At the very least this is a reliable denial of service.
Depth First's full writeup: https://depthfirst.com/research/nginx-rift-achieving-nginx-r...
Sure, but I think the github README ought to make it more clear the POC as-is doesn't work against nginx on any current Linux distro.
So you're not vulnerable to script-kiddies running the published PoC. Still probably vulnerable to to a sufficiently-motivated attacker.
6 replies →