A security researcher Greg MacManus from iSIGHT Partners Labs discovered a critical security flaw in several recent version of NGINX - an open source web server.
"A stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting in arbitrary code execution"
The security flaw now identified with CVE id "CVE-2013-2028" affects nginx version 1.3.9 - 1.4.0. NGINX developers released patch for fixing this security vulnerability.
The problem is fixed in nginx 1.5.0, 1.4.1. Patch for the problem can be found here: http://nginx.org/download/patch.2013.chunked.txt
