Vulnerability Development mailing list archives
Re: Another flaw in Apache?
From: Jedi/Sector One <j () pureftpd org>
Date: Sat, 22 Jun 2002 21:55:49 +0159
Hi Michal.

On Sat, Jun 22, 2002 at 03:38:48PM -0400, Michal Zalewski wrote:

> While this apparently is not an issue with "AllowOverride none" (I think that's the default configuration for user-writable directories),

This is indeed the default configuration. However, any hosting service provider will change it to AllowOverride All just because customers like to play with .htaccess.

Not sure whether my second post has been delivered or not, but it doesn't seem to be related to SetEnv, but to the parser itself. In fact, *any* long line (not even syntactically correct) triggers the bug.

On my OpenBSD box, a line with about 7000 characters causes the server to do as if there were two distinct lines. With about 10000 characters and above: segfault.

On FreeBSD 4.5, I wasn't able to reproduce this. A long line is split in two different lines, but no segfault arises.

Best regards,

-Frank.

--
 __  /*-      Frank DENIS (Jedi/Sector One) <j () 42-Networks Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/
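A defensive audit for the condition described in the message above, added as an example and not part of the original post: it walks a document root and reports `.htaccess` files that contain very long lines. The 4096-byte threshold, the function names and the treatment of backslash-continued lines as one logical line are assumptions of this example.

```python
import os
import tempfile

MAX_LINE = 4096  # assumed threshold, well below the ~7000 characters reported

def long_lines(path, limit=MAX_LINE):
    """Return [(first_line_no, logical_length)] for logical lines over limit."""
    hits, start, length, in_cont = [], 1, 0, False
    with open(path, "rb") as fh:                 # bytes: no decoding errors
        for no, raw in enumerate(fh, 1):
            line = raw.rstrip(b"\r\n")
            if not in_cont:
                start = no                       # a new logical line begins here
            # Assumption: a trailing backslash joins this line with the next,
            # so a long directive split over short physical lines still counts.
            in_cont = line.endswith(b"\\")
            length += len(line) - (1 if in_cont else 0)
            if in_cont:
                continue
            if length > limit:
                hits.append((start, length))
            length = 0
    if length > limit:                           # file ended on a continuation
        hits.append((start, length))
    return hits

def scan_tree(root, name=".htaccess", limit=MAX_LINE):
    """Walk root and map each offending file to its long logical lines."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if name in files:
            path = os.path.join(dirpath, name)
            hits = long_lines(path, limit)
            if hits:
                report[path] = hits
    return report

def demo():
    """Constructed sample tree: one clean file, one with overlong lines."""
    root = tempfile.mkdtemp()
    for sub in ("ok", "bad"):
        os.makedirs(os.path.join(root, sub))
    with open(os.path.join(root, "ok", ".htaccess"), "wb") as fh:
        fh.write(b"Options -Indexes\n")
    with open(os.path.join(root, "bad", ".htaccess"), "wb") as fh:
        fh.write(b"Options -Indexes\n" + b"A" * 7000 + b"\n")
        fh.write((b"B" * 3000 + b"\\\n") * 2 + b"B" * 10 + b"\n")
    return root, scan_tree(root)
```

Where per-directory overrides are not needed, the "AllowOverride none" setting mentioned in the thread keeps such files from being parsed at all.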