If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)

Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

(remote) Apache exploit

Hecate · 2002-06-22 23:32:56

Guess it's time to upgrade to 1.3.26 :) advisory here: http://www.cert.org/advisories/CA-2002-17.html

Options

23-06-2002 12:32am

#1

Hecate

Registered Users Posts: 2,518 ✭✭✭

Join Date: February 1998

Posts: 2095

Guess it's time to upgrade to 1.3.26

When processing requests coded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper (signed) interpretation of an unsigned integer value. Consequently, several conditions may occur that have security implications. It has been reported that a buffer overrun and signal race condition occur. Exploitation of these conditions may result in the execution of arbitrary code.

advisory here: http://www.cert.org/advisories/CA-2002-17.html

0