Re: Another flaw in Apache?
From: Pavel Kankovsky (peak@argo.troja.mff.cuni.cz)
Date: 06/23/02
From: "Pavel Kankovsky" <peak@argo.troja.mff.cuni.cz>
Date: Sun, 23 Jun 2002 22:14:37 +0200 (MET DST)
To: vuln-dev@securityfocus.com

On Sat, 22 Jun 2002, Jedi/Sector One wrote:
> I simply triggered the bug by creating a .htaccess file (so a regular user
> can do it) with :
>
> SetEnv DATE_LOCALE "******************************************..."

ap_cfg_getline() (src/main/util.c), the function used to read lines from
configuration files, including .htaccess, is *very* suspicious. Esp.
the second, "non-getstr" branch (used to interpret parameters of -C only?)
but I suspect the first branch may blow up under some conditions as well.
Of course, something evil might lurk in higher layers of the code as well.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."