18 year old critical vulnerability found in Nginx

twitter.com

39 points by ejcho 13 days ago · 4 comments

ktpsns 13 days ago

Severe, but you also need a quite specific configuration to be vulnerable. I can imagine this pattern being widespread in some classical PHP applications deployed via nginx.

ChrisArchitect 13 days ago

better links:

https://depthfirst.com/research/nginx-rift-achieving-nginx-r... (https://news.ycombinator.com/item?id=48126029)

https://depthfirst.com/nginx-rift (https://news.ycombinator.com/item?id=48123365)

yottamus 12 days ago

F5 says: "Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible." https://my.f5.com/manage/s/article/K000161019

But in the write-up it says: "Luckily, NGINX uses a multi process architecture where worker processes fork from a single master process. Because of this design, the memory space is duplicated exactly for every child worker. This means the heap layout remains entirely deterministic across different workers. If our exploit fails and crashes a worker, the master process simply spawns a new one with the exact same memory layout. This allows us to safely try multiple times until we succeed without worrying about the worker crashing and changing the memory layout. Theoretically, we could leverage this design to leak ASLR by progressively overwriting pointers byte by byte."

Is this F5 being dishonest?
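The property the quoted write-up relies on, that fork()ed workers inherit the master's address layout unchanged, is easy to see on any Linux box. The following is an added example written for this thread, not code from NGINX or from the write-up: a "master" allocates a heap object, forks a few "workers", and each worker reports the addresses of that object, of a function in the text segment and of a static variable back over a pipe. ASLR is applied once, at the master's exec; fork() copies the randomized image, so every worker sees the same addresses (the function and variable names are placeholders of this example).

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/wait.h>

/* Addresses a worker reports back to the master. Comparing them across
 * workers shows whether each fork()ed child got its own randomization
 * (it does not: the address space is copied, not re-exec'ed). */
struct layout {
    uintptr_t heap;  /* pre-fork heap allocation, like a long-lived pool */
    uintptr_t code;  /* a function in the text segment */
    uintptr_t data;  /* a static variable in the data segment */
};

static int example_counter = 0;          /* placeholder data-segment object */
static void example_handler(void) {}     /* placeholder text-segment function */

static void capture(struct layout *l, void *heap_obj) {
    l->heap = (uintptr_t)heap_obj;
    l->code = (uintptr_t)example_handler;
    l->data = (uintptr_t)&example_counter;
}

/* Fork n workers from the calling process. Returns 1 if every worker's
 * layout is identical to the master's, 0 if any worker differs, and -1 on
 * a system-call failure. */
int workers_share_layout(int n) {
    void *heap_obj = malloc(64);
    if (heap_obj == NULL) return -1;
    struct layout master;
    capture(&master, heap_obj);

    int same = 1;
    for (int i = 0; i < n; i++) {
        int fd[2];
        if (pipe(fd) != 0) { free(heap_obj); return -1; }
        pid_t pid = fork();
        if (pid < 0) { free(heap_obj); return -1; }
        if (pid == 0) {
            /* Worker: same pointer values, because the address space is a copy. */
            struct layout w;
            capture(&w, heap_obj);
            close(fd[0]);
            (void)write(fd[1], &w, sizeof w);
            _exit(0);
        }
        /* Master: read the worker's report, then reap it. */
        close(fd[1]);
        struct layout w;
        ssize_t got = read(fd[0], &w, sizeof w);
        close(fd[0]);
        waitpid(pid, NULL, 0);
        if (got != (ssize_t)sizeof w) { free(heap_obj); return -1; }
        if (w.heap != master.heap || w.code != master.code || w.data != master.data)
            same = 0;
    }
    free(heap_obj);
    return same;
}

int main(void) {
    int r = workers_share_layout(4);
    printf("workers share master layout: %s\n",
           r == 1 ? "yes" : r == 0 ? "no" : "error");
    return r == 1 ? 0 : 1;
}
```

The same holds after a worker crashes: a replacement forked from the same master starts with the same addresses, which is exactly why repeated crash-and-respawn of workers is the signal to watch for in logs and process monitoring. Randomization only changes when a process image is re-exec'ed, so worker models that fork and then exec a fresh binary do not share this property.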
