Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server

From: Florian Weimer (Weimerat_private-Stuttgart.DE)
Date: Mon Jun 17 2002 - 11:57:50 PDT


    <valcu.gheorgheat_private> writes:
    
    > The patch that mentioned casting bufsiz from an int to an unsigned int
    > failed to do a few things:
    >
    > 1) There are 2 instances of the same code in http_protocol.c that need
    > to be fixed, as both suffer from the same problem
    > 2) The cast to unsigned int was only done in comparison, and was not
    > done in assignment, which could possibly lead to problems down the road
    > with the int value?
    
    3) Casting to unsigned int does not help that much if the variable in
    question is a long.
    
    The Apache CVS repository now seems to contain a correct patch.
    
    -- 
    Florian Weimer 	                  Weimerat_private-Stuttgart.DE
    University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
    RUS-CERT                          fax +49-711-685-5898
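
Point 3 above, shown as an added example that is not part of the original message and is neither Apache's code nor the actual patch: a cast to unsigned int inside a comparison gives different results depending on the width of long. The function names, the parameter `remaining`, and the sample values are assumptions made for illustration; only `bufsiz` and the int/long types come from the thread.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper, not Apache code: chooses how many bytes to copy into
 * a buffer of bufsiz bytes while `remaining` bytes are still expected.
 * The cast is applied only inside the comparison, as in the criticised patch. */
long len_cast_in_compare(long remaining, int bufsiz)
{
    /* If long is wider than unsigned int (LP64), the cast operand is
     * converted back to long, the comparison is signed, and a negative
     * `remaining` counts as smaller than bufsiz and is returned.
     * If both have the same width, `remaining` is converted to unsigned
     * long instead, a negative value compares as huge, and bufsiz wins. */
    return (remaining > (unsigned int)bufsiz) ? bufsiz : remaining;
}

/* Range-checked variant: invalid inputs are rejected before any comparison,
 * so the result never depends on implicit conversions. Returns -1 on error. */
long len_checked(long remaining, int bufsiz)
{
    if (bufsiz <= 0 || remaining < 0)
        return -1;
    return (remaining > (long)bufsiz) ? (long)bufsiz : remaining;
}

int main(void)
{
    /* Constructed inputs: a normal length, an oversized one, two negatives. */
    const long samples[] = { 100L, 100000L, -1L, LONG_MIN };
    const int bufsiz = 8192;

    printf("sizeof(long)=%zu sizeof(unsigned int)=%zu\n",
           sizeof(long), sizeof(unsigned int));
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("remaining=%ld  cast-in-compare=%ld  checked=%ld\n",
               samples[i],
               len_cast_in_compare(samples[i], bufsiz),
               len_checked(samples[i], bufsiz));
    return 0;
}
```

A negative result from the first function becomes a very large value if it is later converted to size_t for a copy length, which is why the explicit range check is the safer form.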
    



    This archive was generated by hypermail 2b30 : Mon Jun 17 2002 - 17:08:50 PDT