Vulnerability Development: Re: Another flaw in Apache?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Another flaw in Apache?

From: Alexander Yurchenko <grange () rt mipt ru>
Date: Sun, 23 Jun 2002 04:07:57 +0400

On Sat, Jun 22, 2002 at 09:11:18PM +0200, Jedi/Sector One wrote:

  While playing with the SetEnv directive with Apache, I noticed that httpd
processes are dying with a signal 11 if the data stored in an environment
variable was too long.


Nice bug and easy to exploit. I've attached a piece of code which creates an
.htaccess file. Requesting a directory containing this file causes all
httpd daemons to die. Works on my OpenBSD 3.1-current.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j () 42-Networks Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/";> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/";> Misc. free software </a>  \/


-- 
   Alexander Yurchenko (aka grange)

Attachment: htx.c
Description:

By Date By Thread

Current thread:

Another flaw in Apache? Jedi/Sector One (Jun 22)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 22)
- Re: Another flaw in Apache? Michal Zalewski (Jun 22)
  - Re: Another flaw in Apache? Jedi/Sector One (Jun 22)
- Re: Another flaw in Apache? Alexander Yurchenko (Jun 22)
  - RE: Another flaw in Apache? Ryan Sweat (Jun 22)
  - Re: Another flaw in Apache? Michal Zalewski (Jun 22)
    - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
    - Re: Another flaw in Apache? Filipe Jorge Marques de Almeida (Jun 23)
    - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)