Bugtraq: Re: Vulnerability in NCSA HTTPD 1.3

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Vulnerability in NCSA HTTPD 1.3

From: martikka () tele nokia fi (Hannu Martikka)
Date: Wed, 15 Feb 1995 02:50:56 +0200 (EET)


On Tue, 14 Feb 1995, Paul 'Shag' Walmsley wrote:

As Thomas implied, this particular problem can probably be fixed by
changing line 161 of util.c from

      char tmp[MAX_STRING_LEN];
to
      char tmp[HUGE_STRING_LEN];

in NCSA's source.  We're running with the HUGE_STRING_LEN tmp now with no 
(immediately apparent) bad side-effects (other than Thomas' hack not working 
any more ;)

There are other similar places. At least one in http_log.c (111).
At least you could overwrite that temp-variable easily, which caused core...

- Goodi

By Date By Thread

Current thread:

Sendmail 8.6.9, (continued)
- Re: Vulnerability in NCSA HTTPD 1.3 Edy (Feb 14)