> Thanks Roberto. :-)
>
> Will you disclose the exploit to check my own server?
Hi, just run
uwsgi --ini path
with path bigger than 1024 bytes.
you should get a crash.
No it is a uWSGI bug, it happens way before the python vm is started
>
> Does the patch applies cleanly to 2.0.15 ?
>
> Is
Thanks Roberto. :-)
Will you disclose the exploit to check my own server?
Does the patch applies cleanly to 2.0.15 ?
Is this is a python 3 bug ?
Best regards,
Etienne
Le 2018-02-06 à 12:22, Roberto De Ioris a écrit :
Hi everyone, the following patch (available for both 2.0 and 2.1) fixes
Hi everyone, the following patch (available for both 2.0 and 2.1) fixes
a potential security vulnerability reported yesterday:
https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
Any modern system should not be vulnerable thanks to out-of-the-box
protections like stack