Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.

https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

(remote) Apache exploit

22-06-2002 11:32PM

#1

Hecate

Registered Users, Registered Users 2 Posts: 2,518 ✭✭✭

Join Date: February 1998

Posts: 2095

Guess it's time to upgrade to 1.3.26

When processing requests coded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper (signed) interpretation of an unsigned integer value. Consequently, several conditions may occur that have security implications. It has been reported that a buffer overrun and signal race condition occur. Exploitation of these conditions may result in the execution of arbitrary code.

advisory here: http://www.cert.org/advisories/CA-2002-17.html

0