Vulnerability Development mailing list archives
Apache ap_getpass vulnerability
From: Simon Tamás <simont () westel900 hu>
Date: Sat, 1 Jan 2000 05:24:04 +0100
Hi I found this possible vulnerability in Apache 1.3.14 (latest version) It effects apache modules that call the ap_getpass function on Unix platforms. It probably exists in earlier releases, though I haven't checked. The Apache API ap_getpass function is a wrapper around the Os's getpass() function - in case it exists, or defines their own implementation of getpass. qutoe from getpass manual: The getpass function leaves its result in an internal static object and returns a pointer to that object. Subsequent calls to getpass will modify the same object. The calling process should zero the password as soon as possible to avoid leaving the cleartext password visible in the process's address space. Apache doesn't do this "zeroing" so it's possile to get this value. What do you think? Regards S.T.
Attachment:
simont.vcf
Description: Card for Simon Tamás
Current thread:
- Apache ap_getpass vulnerability Simon Tamás (Nov 02)
- Re: Apache ap_getpass vulnerability Jon Paul, Nollmann (Nov 03)
- Re: Apache ap_getpass vulnerability Simon Tamás (Nov 03)
- Re: Apache ap_getpass vulnerability Jon Paul, Nollmann (Nov 04)
- Re: Apache ap_getpass vulnerability Pavel Kankovsky (Nov 05)
- Re: Apache ap_getpass vulnerability Simon Tamás (Nov 07)
- Re: Apache ap_getpass vulnerability Peter Pentchev (Nov 05)
- Re: Apache ap_getpass vulnerability Simon Tamás (Nov 04)
- Re: Apache ap_getpass vulnerability Peter Pentchev (Nov 05)
- Re: Apache ap_getpass vulnerability Carson Gaspar (Nov 06)
- Re: Apache ap_getpass vulnerability Jon Paul, Nollmann (Nov 06)
- Re: Apache ap_getpass vulnerability Simon Tamás (Nov 03)
- Re: Apache ap_getpass vulnerability Jon Paul, Nollmann (Nov 03)