Vulnerability Development mailing list archives

Apache Module Local Buffer Overflow


From: "huw trippz" <trippz_au () hotmail com>
Date: Tue, 11 Sep 2001 10:23:58 +0000

Hi,
I was looking at the mod_gzip src and found a sprintf that prints the process id and tid onto a var HOST. If you could find a way of changing or spoofing these IDs, and since they are strings, you could easily overwrite HOST with shellcode if you could spoof the pid or tid. This is probably a non-exploit, but anyone with the urge to make themselves look great and get a local nobody shell is welcome to try.

"doot"

Ohh, and I support antisec :)
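
Added example, not part of the original post and not mod_gzip's code: a bounded way to format a process ID and thread ID into a fixed buffer, as a contrast to the unbounded sprintf pattern the post describes. The function names, the "prefix.pid.tid" label format and the buffer sizes are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Upper bound on decimal characters for a signed integer type:
 * each byte adds fewer than 3 digits (log10(256) < 3), plus one for the sign. */
#define MAX_DEC_CHARS(T) (sizeof(T) * 3 + 1)

/* Worst-case length of the numeric part ".<pid>.<tid>" alone.
 * The integers are bounded; only the string prefix has no built-in limit. */
size_t ids_worst_case(void)
{
    return 2 + 2 * MAX_DEC_CHARS(long);
}

/* Hypothetical helper: writes "<prefix>.<pid>.<tid>" into dst.
 * Returns the number of characters written, or -1 if dst is too small,
 * in which case dst is left as an empty string instead of truncated data. */
int format_ids(char *dst, size_t dstlen, const char *prefix, long pid, long tid)
{
    int n;

    if (dst == NULL || dstlen == 0 || prefix == NULL)
        return -1;
    n = snprintf(dst, dstlen, "%s.%ld.%ld", prefix, pid, tid);
    if (n < 0 || (size_t)n >= dstlen) {   /* encoding error or would not fit */
        dst[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char host[32];   /* constructed buffer size for the demo */
    char tiny[8];

    /* Constructed sample IDs; a real caller would pass (long)getpid() etc. */
    if (format_ids(host, sizeof host, "host", 1234L, 5678L) > 0)
        printf("label: %s\n", host);
    if (format_ids(tiny, sizeof tiny, "host", 1234L, 5678L) < 0)
        printf("rejected: buffer of %zu bytes is too small\n", sizeof tiny);
    printf("numeric part needs at most %zu bytes\n", ids_worst_case());
    return 0;
}
```
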

