Bugtraq mailing list archives
[SECURITY][CVE-2013-2765][ModSecurity] Remote Null Pointer Dereference
From: yjaaidi () shookalabs com
Date: Tue, 28 May 2013 21:02:13 GMT
CVE Number: CVE-2013-2765 / ModSecurity Remote Null Pointer Dereference When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable" (in phase 1). In addition to the segfault that occurs here, ModSecurity will not remove the temporary request body file and the temporary directory (set by the "SecTmpDir" directive) will keep growing until saturation. Details : http://www.shookalabs.com/#advisory-cve-2013-2765 Exploit : https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py Solution : Upgrade to 2.7.4 https://www.modsecurity.org
Current thread:
- [SECURITY][CVE-2013-2765][ModSecurity] Remote Null Pointer Dereference yjaaidi (May 29)