## Monday security report

Last week was quite busy in terms of security issues. While people were still dealing with a security issue affecting Ruby on Rails applications, one that was used to exploit GitHub, a new serious vulnerability became a candidate to make pentesters happy while assessing customers’ systems: the MS12-020 bulletin.

## Microsoft MS12-020 bulletin

Last week Microsoft released a security bulletin that is likely to gain notoriety among pentesters in the coming years: the MS12-020 bulletin.

Exploits [1], [2], [3] appeared in the wild at a high burn rate, so think twice if you are considering not patching your server.

I know, you’re a good guy and you don’t expose the RDP protocol of a Microsoft Windows based server over the Internet, but there are also the “I’m in a rush, I have to deploy” guys who make mistakes and who don’t take architectural security so seriously.

Open source software has security vulnerabilities as well; no one is perfect. Some will argue that open source maintainers are quicker to fix vulnerabilities than commercial vendors.

Most of the time this is true; however, when a project doesn’t have a strong community behind it, it fails to have a well-organized security response team.

## NGINX memory corruption

This is not the case for the nginx web server, which suffered from a memory corruption vulnerability. Security advisories state that the latest stable version, 1.0.14 at the time of writing, is not vulnerable.

Looking at the patch, it seems that the usage of ngx_cpystrn exposes the code to an off-by-one buffer overflow.

 c nginx 1.0.14 memory corruption patch http://nginx.org/download/patch.2012.memory.txt … — src/http/modules/ngx_http_fastcgi_module.c +++ src/http/modules/ngx_http_fastcgi_module.c @@ -1501,10 +1501,10 @@ ngx_http_fastcgi_process_header(ngx_http h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1;

• h->key.len + 1);
• h->value.len + 1);
• h->value.data[h->value.len] = ‘\0’; } …
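
Review bot: in ngx_http_fastcgi_process_header, the terminator write `h->value.data[h->value.len] = '\0';` is only in bounds if the buffer reserves one spare byte after the key and one after the value, which is what the `+ 1` terms in the `h->lowcase_key` offset imply. A short comment stating that layout next to the copies would let a reader check the `len` and `len + 1` sizes against the allocation. Please also confirm that the key gets the same explicit terminator as the value, since only the value's is visible in this excerpt.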