Full Disclosure mailing list archives
Re: [SECURITY] [DSA 523-1] New www-sql packages fix buffer overflow
From: Ulf Härnhammar <Ulf.Harnhammar.9485 () student uu se>
Date: Sun, 20 Jun 2004 23:03:04 +0200
www-sql has an include command, allowing programs written in www-sql to include files. The buffer overflow occurs when an include command in a web page has a too long path, either one that is hardcoded or one that is stored in a variable. The buffer overflow is stack-based and gives you control over EIP.

In the special case where the include command uses a parameter controlled by the web page's visitors (by form data or otherwise), the overflow can be exploited remotely. Otherwise it is a local privilege escalation.

I have attached a patch (against version 0.5.7) and a sample web page.

// Ulf Harnhammar
Debian Security Audit Project
http://www.debian.org/security/audit/
Attachment: test.sql
Attachment: www-sql.patch
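
As an added illustration of the defensive pattern for the include-path overflow described in the message above (this is not code from www-sql, from the attached patch, or from the author): a C resolver that checks the length of an include path, literal or taken from a variable, before copying it into a fixed buffer. The buffer size, the `$name` variable syntax, and all function and structure names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define INCLUDE_PATH_MAX 256   /* assumed size, not taken from www-sql */

struct var { const char *name; const char *value; };   /* hypothetical variable table */

/* Resolve an include argument (literal path, or "$name" for a variable; the
 * "$" syntax is an assumption) into out[outsz].
 * Returns 0 on success, -1 for an unknown variable, -2 if the path does not
 * fit. An overlong path is rejected, never truncated, because a truncated
 * path could name a different file. */
int resolve_include(const struct var *vars, size_t nvars,
                    const char *arg, char *out, size_t outsz)
{
    const char *path = arg;
    size_t len;

    if (outsz == 0)
        return -2;
    out[0] = '\0';
    if (arg[0] == '$') {
        path = NULL;
        for (size_t i = 0; i < nvars; i++)
            if (strcmp(vars[i].name, arg + 1) == 0)
                path = vars[i].value;
        if (path == NULL)
            return -1;
    }
    len = strlen(path);
    if (len >= outsz)            /* length check before any copy */
        return -2;
    memcpy(out, path, len + 1);  /* len + 1 <= outsz, includes the NUL */
    return 0;
}

/* Constructed sample data: one short value and one longer than the buffer. */
int check_include(const char *arg)
{
    static char big[4 * INCLUDE_PATH_MAX];
    char buf[INCLUDE_PATH_MAX];
    struct var vars[] = { { "page", "header.sql" }, { "big", big } };

    memset(big, 'A', sizeof big - 1);   /* last byte stays '\0' (static storage) */
    return resolve_include(vars, 2, arg, buf, sizeof buf);
}

int main(void)
{
    printf("%d %d %d\n", check_include("$page"), check_include("$big"),
           check_include("$missing"));
    return 0;
}
```

The same check covers both cases the message names: a hardcoded path and a path stored in a variable go through one length test before the copy.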