Vulnerability Development mailing list archives
RE: Another flaw in Apache?
From: Ryan Sweat <h3xm3 () swbell net>
Date: Sat, 22 Jun 2002 21:12:03 -0500
Linux doesn't seem vulnerable. Tested on both Apache/2.0.39 and Apache/1.3.20, on Redhat 7.3 and 7.2 respectively. Error log reports 'invalid command [data], perhaps mis-spelled or defined by a module not included in the server configuration.' Where is the overflow taking place on OpenBsd? -ryan
On Sat, Jun 22, 2002 at 09:11:18PM +0200, Jedi/Sector One wrote:While playing with the SetEnv directive with Apache, I noticed
that
httpdprocesses are dying with a signal 11 if the data stored in anenvironmentvariable was too long.Nice bug and easy to exploit. I've attached a piece of code which
creates
an .htaccess file. Requesting a directory containing this file causes all httpd daemons to die. Works on my OpenBSD 3.1-current.-- __ /*- Frank DENIS (Jedi/Sector One) <j () 42-Networks Com>
-*\
__\ '/ <a href="http://www.PureFTPd.Org/";> Secure FTP Server </a>\' /\/ <a href="http://www.Jedi.Claranet.Fr/";> Misc. free software
</a>
\/ -- Alexander Yurchenko (aka grange)
Current thread:
- Another flaw in Apache? Jedi/Sector One (Jun 22)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 22)
- Re: Another flaw in Apache? Michal Zalewski (Jun 22)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 22)
- Re: Another flaw in Apache? Alexander Yurchenko (Jun 22)
- RE: Another flaw in Apache? Ryan Sweat (Jun 22)
- Re: Another flaw in Apache? Michal Zalewski (Jun 22)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
- Re: Another flaw in Apache? Filipe Jorge Marques de Almeida (Jun 23)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
- Message not available
- Re: Another flaw in Apache? Filipe Almeida (Jun 23)
- Re: Another flaw in Apache? Alexander Yurchenko (Jun 23)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
- Re: Another flaw in Apache? Michal Zalewski (Jun 23)
- Re: Another flaw in Apache? Michal Zalewski (Jun 23)
- Re: Another flaw in Apache? sd (Jun 26)