RE: Another flaw in Apache?

From: Ryan Sweat (h3xm3at_private)
Date: Sat Jun 22 2002 - 19:12:03 PDT


    Linux doesn't seem vulnerable.  Tested on both Apache/2.0.39 and
    Apache/1.3.20, on Red Hat 7.3 and 7.2 respectively.  Error log reports
    'invalid command [data], perhaps mis-spelled or defined by a module not
    included in the server configuration.'

    Where is the overflow taking place on OpenBSD?
    
    -ryan
    
     
    > On Sat, Jun 22, 2002 at 09:11:18PM +0200, Jedi/Sector One wrote:
    > >   While playing with the SetEnv directive with Apache, I noticed that
    > > httpd processes are dying with a signal 11 if the data stored in an
    > > environment variable was too long.
    >
    > Nice bug and easy to exploit. I've attached a piece of code which
    > creates an .htaccess file. Requesting a directory containing this file
    > causes all httpd daemons to die. Works on my OpenBSD 3.1-current.
    >
    > > --
    > >  __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>    -*\ __
    > >  \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>  \' /
    > >   \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a> \/
    >
    > --
    >    Alexander Yurchenko (aka grange)
    


