Vulnerability Development mailing list archives
Re: Another flaw in Apache?
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sat, 22 Jun 2002 21:27:48 -0400 (EDT)
On Sun, 23 Jun 2002, Alexander Yurchenko wrote:
Nice bug and easy to exploit. I've attached a piece of code which creates an .htaccess file. Requesting a directory containing this file causes all httpd daemons to die. Works on my OpenBSD 3.1-current.
Check out what you get - file descriptors and other goodies - and perhaps it is a good time to cc: bugtraq or at least Apache guys?;-) Have fun, -- _____________________________________________________ Michal Zalewski [lcamtuf () bos bindview com] [security] [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};: =-=> Did you know that clones never use mirrors? <=-= http://lcamtuf.coredump.cx/photo/
Current thread:
- Another flaw in Apache? Jedi/Sector One (Jun 22)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 22)
- Re: Another flaw in Apache? Michal Zalewski (Jun 22)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 22)
- Re: Another flaw in Apache? Alexander Yurchenko (Jun 22)
- RE: Another flaw in Apache? Ryan Sweat (Jun 22)
- Re: Another flaw in Apache? Michal Zalewski (Jun 22)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
- Re: Another flaw in Apache? Filipe Jorge Marques de Almeida (Jun 23)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
- Message not available
- Re: Another flaw in Apache? Filipe Almeida (Jun 23)
- Re: Another flaw in Apache? Alexander Yurchenko (Jun 23)
- Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
- Re: Another flaw in Apache? Michal Zalewski (Jun 23)
- Re: Another flaw in Apache? Michal Zalewski (Jun 23)
- Re: Another flaw in Apache? sd (Jun 26)