[VulnWatch] UNIRAS ALERT - 34/04 - Vulnerability Issues with Apache 2.0.x

From: Richie B. (richie_at_NO-SPAM-HERE.com)
Date: 09/15/04

  • Next message: Securiteinfo.com: "[VulnWatch] myServer 0.7 Directory Traversal Vulnerability"
    Date: Wed, 15 Sep 2004 17:32:52 +0200
    To: vulnwatch@vulnwatch.org
    
    

    I did not see this here yet.

    1. Through the testing of Apache by using the Codenomicon HTTP Test Tool,
    the ASF Security Team have discovered a bug in the apr-util library,
    which can lead to arbitrary code execution.

    2. SITIC have discovered that Apache suffers from a buffer overflow when
    expanding environment variables in configuration files such as .htaccess
    and httpd.conf, leading to possible privilege escalation.

    http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-3404.txt

