Vulnerabilities in nginx-1.8.0

Discussion in 'Песочница' started by gentype, 16 Nov 2015.

  1. gentype

    gentype Member

    Joined:
    12 Jul 2015
    Messages:
    65
    Likes Received:
    12
    Reputations:
    0
    I found vulnerabilities in nginx-1.8.0.
    Is there anything here that can be leveraged?!

    Severity: High
    Issue: umask
    umask() can easily be used to create files with unsafe privileges. It should be set to restrictive values.

    • File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_daemon.c
      Lines: 36

    Severity: High
    Issue: getenv
    Environment variables are highly untrustworthy input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length.

    • File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_freebsd_init.c
      Lines: 90

    • File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_time.c
      Lines: 29

    • File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_darwin_init.c
      Lines: 81

    • File: /root/Downloads/nginx-1.8.0//src/misc/ngx_google_perftools_module.c
      Lines: 104

    • File: /root/Downloads/nginx-1.8.0//src/core/nginx.c
      Lines: 433

    Severity: High
    Issue: fixed size global buffer
    Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

    • File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_channel.c
      Lines: 26 106

    • File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_time.c
      Lines: 44

    • File: /root/Downloads/nginx-1.8.0//src/event/ngx_event_openssl.c
      Lines: 1109

    • File: /root/Downloads/nginx-1.8.0//src/http/ngx_http_request.c
      Lines: 2718

    • File: /root/Downloads/nginx-1.8.0//src/http/modules/ngx_http_ssi_filter_module.c
      Lines: 2729

    • File: /root/Downloads/nginx-1.8.0//src/http/modules/ngx_http_upstream_keepalive_module.c
      Lines: 375

    • File: /root/Downloads/nginx-1.8.0//src/http/ngx_http_upstream.c
      Lines: 1114

    • File: /root/Downloads/nginx-1.8.0//src/core/ngx_cycle.c
      Lines: 56

    Severity: High
    Issue: gethostbyname
    DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted.

    • File: /root/Downloads/nginx-1.8.0//src/core/ngx_inet.c
      Lines: 1118

    Severity: Medium
    Issue: read
    Check buffer boundaries if calling this function in a loop and make sure you are not in danger of writing past the allocated space.

    • File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_files.c
      Lines: 55

    • File: /root/Downloads/nginx-1.8.0//src/event/modules/ngx_epoll_module.c
      Lines: 432 873

    Severity: Medium
    Issue: crypt
    Standard random number generators should not be used to generate randomness used for security reasons. For security sensitive randomness a cryptographic randomness generator that provides sufficient entropy should be used.

    • File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_user.c
      Lines: 67

    Severity: Medium
    Issue: srandom
    Standard random number generators should not be used to generate randomness used for security reasons. For security sensitive randomness a cryptographic randomness generator that provides sufficient entropy should be used.

    • File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_posix_init.c
      Lines: 78

    • File: /root/Downloads/nginx-1.8.0//src/os/unix/ngx_process_cycle.c
      Lines: 913

    Severity: Medium
    Issue: X509_NAME_oneline
    Allow the function to dynamically allocate the buffer. If you insist on a fixed buffer, then double check that your buffer is as big as you specify.

    • File: /root/Downloads/nginx-1.8.0//src/event/ngx_event_openssl.c
      Lines: 675 678 3299 3341

    Severity: Medium
    Issue: OPENSSL_free
    Does the memory need to be cleaned before freeing?

    • File: /root/Downloads/nginx-1.8.0//src/event/ngx_event_openssl.c
      Lines: 686 690 3306 3313 3348 3355

  2. yarbabin

    yarbabin HACKIN YO KUT

    Joined:
    21 Nov 2007
    Messages:
    1,664
    Likes Received:
    913
    Reputations:
    363
    What exactly do you want to "leverage"? Look for exploits.
     
  3. gentype

    gentype Member

    Joined:
    12 Jul 2015
    Messages:
    65
    Likes Received:
    12
    Reputations:
    0
    These are 0day vulnerabilities, there are no exploits. Well, not 0day any more... I mean, are the vulnerabilities exploitable?