Vulnerability Development mailing list archives
Re: Are NULL pointer deref a security problem ?
From: zeno <bugtraq () cgisecurity net>
Date: Fri, 7 Dec 2001 11:43:09 -0500 (EST)
Hey, I was the first person to report the error but didn't understand the entire reason as to why it was happening until I saw this in the upgrade file . I think it was either code red or nimda when it hit my machine with this configuration would cause childs to segfault. It never caused the main pid to die so if a issue exists its not root but instead user www or nobody. - zeno
From http://www.apache.org/dist/httpd/CHANGES_1.3 :8< ------------------------------------------------------------------------------------------- Changes with Apache 1.3.21 [snip] *) ErrorDocument 404 pointing to a parsed html file with a <!--#include virtual="file" --> with a request URI containing %2f would result in a segfault (NULL pointer deref, not a security problem). [Jeff Moe <tux () themoes org>, Dean Gaudet] PR#8362 8< ------------------------------------------------------------------------------------------- Nicolas Gr?goire
Current thread:
- Are NULL pointer deref a security problem ? Nicolas Gregoire (Dec 07)
- <Possible follow-ups>
- Re: Are NULL pointer deref a security problem ? zeno (Dec 07)
- Fwd: re: Are NULL pointer deref a security problem ? Nicolas Gregoire (Dec 11)