On Sat, Jun 22, 2002 at 09:11:18PM +0200, Jedi/Sector One wrote: > While playing with the SetEnv directive with Apache, I noticed that httpd > processes are dying with a signal 11 if the data stored in an environment > variable was too long. Nice bug and easy to exploit. I've attached a piece of code which creates an .htaccess file. Requesting a directory containing this file causes all httpd daemons to die. Works on my OpenBSD 3.1-current. > -- > __ /*- Frank DENIS (Jedi/Sector One) <j@42-Networks.Com> -*\ __ > \ '/ <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a> \' / > \/ <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a> \/ -- Alexander Yurchenko (aka grange)
This archive was generated by hypermail 2b30 : Sat Jun 22 2002 - 18:13:57 PDT