Re: Another flaw in Apache?

From: Alexander Yurchenko (grangeat_private)
Date: Sat Jun 22 2002 - 17:07:57 PDT

Next message: Ryan Sweat: "RE: Another flaw in Apache?"

Previous message: Jedi/Sector One: "Re: Another flaw in Apache?"
In reply to: Jedi/Sector One: "Another flaw in Apache?"
Next in thread: Ryan Sweat: "RE: Another flaw in Apache?"
Reply: Ryan Sweat: "RE: Another flaw in Apache?"
Reply: Michal Zalewski: "Re: Another flaw in Apache?"
Reply: Jedi/Sector One: "Re: Another flaw in Apache?"
Reply: Jedi/Sector One: "Re: Another flaw in Apache?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jun 22, 2002 at 09:11:18PM +0200, Jedi/Sector One wrote:
>   While playing with the SetEnv directive with Apache, I noticed that httpd
> processes are dying with a signal 11 if the data stored in an environment
> variable was too long.

Nice bug and easy to exploit. I've attached a piece of code which creates an
.htaccess file. Requesting a directory containing this file causes all
httpd daemons to die. Works on my OpenBSD 3.1-current.

> -- 
>  __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
>  \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
>   \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/

-- 
   Alexander Yurchenko (aka grange)

text/plain attachment: htx.c

Next message: Ryan Sweat: "RE: Another flaw in Apache?"
Previous message: Jedi/Sector One: "Re: Another flaw in Apache?"
In reply to: Jedi/Sector One: "Another flaw in Apache?"
Next in thread: Ryan Sweat: "RE: Another flaw in Apache?"
Reply: Ryan Sweat: "RE: Another flaw in Apache?"
Reply: Michal Zalewski: "Re: Another flaw in Apache?"
Reply: Jedi/Sector One: "Re: Another flaw in Apache?"
Reply: Jedi/Sector One: "Re: Another flaw in Apache?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jun 22 2002 - 18:13:57 PDT