Vulnerability Development mailing list archives

Re: Another flaw in Apache?

From: "Pavel Kankovsky" <peak () argo troja mff cuni cz>
Date: Sun, 23 Jun 2002 22:14:37 +0200 (MET DST)

On Sat, 22 Jun 2002, Jedi/Sector One wrote:

  I simply triggered the bug by creating a .htaccess file (so a regular user
can do it) with :

SetEnv DATE_LOCALE "******************************************..."


ap_cfg_getline() (src/main/util.c), the function used to read lines from
configuration files, including .htaccess, is *very* suspicious. Esp.
the second, "non-getstr" branch (used to interpret parameters of -C only?)
but I suspect the first branch may blow up under some conditions as well.
Of course, something evil might lurk in higher layers of the code as well.


--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

Current thread:

Re: Another flaw in Apache?, (continued)
- - - Re: Another flaw in Apache? Filipe Jorge Marques de Almeida (Jun 23)
    - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
    - Message not available
    - Re: Another flaw in Apache? Filipe Almeida (Jun 23)
    - Re: Another flaw in Apache? Alexander Yurchenko (Jun 23)
    - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
    - Re: Another flaw in Apache? Michal Zalewski (Jun 23)
    - Re: Another flaw in Apache? Michal Zalewski (Jun 23)
    - Re: Another flaw in Apache? sd (Jun 26)
  - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
  - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
- Re: Another flaw in Apache? Pavel Kankovsky (Jun 23)