Remotely exploitable overflow in mod_mylo for Apache

From: Carl Livitt (carlat_private)
Date: Mon Jul 28 2003 - 07:47:21 PDT

Next message: Réda Zitouni: "[VulnWatch] Cisco Aironet AP1100 Valid Account Disclosure Vulnerability"

Previous message: Cisco Systems Product Security Incident Response Team: "Cisco Security Advisory: HTTP GET Vulnerability in AP1x00"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There exists a remotely exploitable buffer overflow in the mod_mylo module for 
apache. 

It is a relatively obscure MySQL logging module for Apache that appears not to 
be in widespread use at present. However, it is present in FreeBSD ports, so 
may affect FreeBSD slighly more than Linux systems.

Advisory + exploit attached.

Regards,
Carl

text/plain attachment: CLIVITT-2003-5__apache_mod_mylo_.txt

Next message: Réda Zitouni: "[VulnWatch] Cisco Aironet AP1100 Valid Account Disclosure Vulnerability"
Previous message: Cisco Systems Product Security Incident Response Team: "Cisco Security Advisory: HTTP GET Vulnerability in AP1x00"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 28 2003 - 10:30:37 PDT