FYI, the details have been published at https://nealpoole.com/blog/2011/08/possible-arbitrary-code-execution- with-null-bytes-php-and-old-versions-of-nginx/
Chinese hackers appear to be particularly interested in this vulnerability. I would recommend trying to release a patched version ASAP. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/803720 Title: nginx packages in hardy/hardy-backports allow null-byte vulnerability in certain configurations To manage notifications about this bug go to: https://bugs.launchpad.net/hardy-backports/+bug/803720/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
