Vulnerability Development mailing list archives

Another flaw in Apache?


From: Jedi/Sector One <j () pureftpd org>
Date: Sat, 22 Jun 2002 21:11:18 +0200

        Hello.

  While playing with the SetEnv directive with Apache, I noticed that httpd
processes were dying with signal 11 if the data stored in an environment
variable was too long.

  I simply triggered the bug by creating a .htaccess file (so a regular user
can do it) with:

SetEnv DATE_LOCALE "******************************************..."

  The string was 12288 bytes long in my test, but the bug probably occurs
with shorter strings as well.

  Then, trying to access a file in the same directory added these lines to
the error log:

[Sat Jun 22 20:59:32 2002] [notice] child pid 22311 exit signal Segmentation fault (11)
[Sat Jun 22 20:59:51 2002] [notice] child pid 9935 exit signal Segmentation fault (11)
[Sat Jun 22 20:59:56 2002] [notice] child pid 13005 exit signal Segmentation fault (11)

  Environment: OpenBSD 3.1/x86, Apache 1.3.24 + recent fixes from -stable.

  Does anyone know what's causing the segmentation fault here?
  
-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j () 42-Networks Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/
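
As an added example (not part of this post, nor Apache's own code), two small Python checks a server operator could run against the behaviour reported above: one parses error_log entries for child processes that exited on a signal, the other flags SetEnv directives in .htaccess files whose values exceed a length threshold. The 4096-byte threshold is an assumption (the post only establishes that 12288 bytes triggers the crash), the SetEnv parsing is simplified (quoted value without escape handling, or one bare token), and the sample log and .htaccess contents are constructed.

```python
import re

# Constructed sample in the Apache 1.3 error_log format shown in the post
# (the mail wrapped those entries; a real log keeps each one on a single line).
SAMPLE_ERROR_LOG = """\
[Sat Jun 22 20:59:32 2002] [notice] child pid 22311 exit signal Segmentation fault (11)
[Sat Jun 22 20:59:40 2002] [notice] Apache/1.3.24 (Unix) configured -- resuming normal operations
[Sat Jun 22 20:59:51 2002] [notice] child pid 9935 exit signal Segmentation fault (11)
[Sat Jun 22 20:59:56 2002] [notice] child pid 13005 exit signal Segmentation fault (11)
"""
# Constructed .htaccess: one harmless SetEnv and one with a 12288-byte value.
SAMPLE_HTACCESS = 'SetEnv SMALL ok\nSetEnv DATE_LOCALE "' + "*" * 12288 + '"\n'

CHILD_SIGNAL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[notice\] child pid (?P<pid>\d+) "
    r"exit signal (?P<name>.+?) \((?P<signo>\d+)\)$"
)
# Simplified SetEnv parser (assumption): the value is either a double-quoted
# string without escape handling or a single unquoted token.
SETENV_RE = re.compile(r'^\s*SetEnv\s+(?P<var>\S+)\s+(?P<value>"[^"]*"|\S+)\s*$', re.I)

def child_crashes(log_text):
    """Return [(timestamp, pid, signal number)] for children that exited on a signal."""
    crashes = []
    for line in log_text.splitlines():
        m = CHILD_SIGNAL_RE.match(line.strip())
        if m:
            crashes.append((m.group("ts"), int(m.group("pid")), int(m.group("signo"))))
    return crashes

def oversized_setenv(htaccess_text, limit=4096):
    """Return [(line no, variable, bytes)] for SetEnv values over `limit` (assumed threshold)."""
    hits = []
    for no, line in enumerate(htaccess_text.splitlines(), 1):
        m = SETENV_RE.match(line)
        if not m:
            continue
        value = m.group("value")
        value = value[1:-1] if value.startswith('"') else value  # drop surrounding quotes
        size = len(value.encode())
        if size > limit:
            hits.append((no, m.group("var"), size))
    return hits

if __name__ == "__main__":
    for ts, pid, signo in child_crashes(SAMPLE_ERROR_LOG):
        print(f"{ts}: child {pid} died on signal {signo}")
    for no, var, size in oversized_setenv(SAMPLE_HTACCESS):
        print(f".htaccess line {no}: SetEnv {var} value is {size} bytes")
```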
