Re: lug-bg: FW: Apache httpd: vulnerability with chunked encoding
 
Subject: Re: lug-bg: FW: Apache httpd: vulnerability with chunked encoding
From: gf@xxxxxxxxxxx (Georgi Chorbadzhiyski)
Date: Tue, 18 Jun 2002 00:23:22 +0300
 
Boyan Krosnov wrote:
> http://httpd.apache.org/info/security_bulletin_20020617.txt
> 
> Date: June 17, 2002
> Product: Apache Web Server
> Versions: Apache 1.3 all versions including 1.3.24, Apache 2 all
> versions
> up to 2.0.39
> 
> In Apache 1.3 the issue causes a stack overflow.  Due to the nature of the
> overflow on 32-bit Unix platforms this will cause a segmentation
> violation
"Only" a DoS. Not quite as bad as it sounded at first.
> and the child will terminate.  However on 64-bit platforms the overflow
> can be controlled and so for platforms that store return addresses on
> the
> stack it is likely that it is further exploitable. This could allow
> arbitrary code to be run on the server as the user the Apache children
> are
> set to run as.
Whoever has 64-bit machines had better worry.
> We have been made aware that Apache 1.3 on Windows is exploitable in
> this
> way.
People on Windows have no way of not getting hurt, even by Apache :)
> Please note that the patch provided by ISS does not correct this
> vulnerability.
> 
> The Apache Software Foundation are currently working on new releases
> that
> fix this issue, please see http://httpd.apache.org/ for updated
> versions.
-- 
Georgi Chorbadzhiyski
http://georgi.top.bg/
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
 
 