DoS: Apache 1.3 all versions including 1.3.24, Apache 2 all versions up to 2.0.36

Jesse Tie-Ten-Quee highos at linuxfromscratch.org
Tue Jun 18 03:06:15 PDT 2002


Yo,

http://httpd.apache.org/info/security_bulletin_20020617.txt

"In Apache 1.3 the issue causes a stack overflow.  Due to the nature of
the overflow on 32-bit Unix platforms this will cause a segmentation
violation and the child will terminate.  However on 64-bit platforms the
overflow can be controlled and so for platforms that store return
addresses on the stack it is likely that it is further exploitable. This
could allow arbitrary code to be run on the server as the user the
Apache children are set to run as."

No patches or new releases yet, afaik.

-- 
Jesse Tie-Ten-Quee  ( highos at linuxfromscratch dot org )