Re: Another flaw in Apache?

From: Pavel Kankovsky (peakat_private)
Date: Sun Jun 23 2002 - 13:14:37 PDT

  • Next message: Jedi/Sector One: "Re: Another flaw in Apache?"

    On Sat, 22 Jun 2002, Jedi/Sector One wrote:
    
    >   I simply triggered the bug by creating a .htaccess file (so a regular user
    > can do it) with :
    > 
    > SetEnv DATE_LOCALE "******************************************..."
    
    ap_cfg_getline() (src/main/util.c), the function used to read lines from
    configuration files, including .htaccess, is *very* suspicious. Esp.
    the second, "non-getstr" branch (used to interpret parameters of -C only?)
    but I suspect the first branch may blow up under some conditions as well.
    Of course, something evil might lurk in higher layers of the code as well.
    
    
    --Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
    "Resistance is futile. Open your source code and prepare for assimilation."
    



    This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 19:42:17 PDT