[Full-Disclosure] Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?

From: André Malo (nd_at_perlig.de)
Date: 10/30/04

Next message: Jean-Marie Monnier: "Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com"

Previous message: n3td3v: "Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com"
In reply to: Larry Cashdollar: "[Full-Disclosure] Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Larry Cashdollar <lwc@vapid.ath.cx>, full-disclosure@lists.netsys.com
Date: Sat, 30 Oct 2004 21:58:50 +0200

* Larry Cashdollar <lwc@vapid.ath.cx> wrote:

> Read the first post by Luiz. This is only applicable if your running
> apache chrooted and htpasswd is part of that chrooted environment.

(1) I've read his post, I answered and my answer never appeared on FD.
(2) It's just FUD. Show me a concrete scenario, where a non-setuid htpasswd
breaks out of a correctly chrooted environment.

-- 
Winnetous Erbe: <http://pub.perlig.de/books.html#apache2>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Jean-Marie Monnier: "Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com"

Previous message: n3td3v: "Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com"
In reply to: Larry Cashdollar: "[Full-Disclosure] Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]