Vulnerability Development mailing list archives
Re: Another flaw in Apache?
From: "Pavel Kankovsky" <peak () argo troja mff cuni cz>
Date: Sun, 23 Jun 2002 22:14:37 +0200 (MET DST)
On Sat, 22 Jun 2002, Jedi/Sector One wrote:
> I simply triggered the bug by creating a .htaccess file (so a regular user can do it) with:
> SetEnv DATE_LOCALE "******************************************..."
ap_cfg_getline() (src/main/util.c), the function used to read lines from configuration files, including .htaccess, is *very* suspicious. Esp. the second, "non-getstr" branch (used to interpret parameters of -C only?) but I suspect the first branch may blow up under some conditions as well. Of course, something evil might lurk in higher layers of the code as well.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."