Bugtraq mailing list archives

Re: Overflow in one of Apache 1.1.1 (maybe later too)'s modules


From: pydo () EUROBRETAGNE FR (Artur Pydo - EuroBretagne)
Date: Fri, 5 Sep 1997 11:53:34 +0200


Hello,

On Thu, 4 Sep 1997, Matt Conover wrote:

> Hello (sorry if this gets long or if it's known but I don't think it is):
>
> Well this is an obvious overflow in one of apache's modules; it is
> remote too.....however, luckily for the web admins it's not installed
> by default. The problem is in mod_auth_anon.c in the function
> anon_authenticate_basic_user(). It contains the following lines:

The mod_auth_anon.c (Version 0.5 May 1996) in Apache 1.2.4 release has the
following code:

  if (sec->auth_anon_logemail && r->prev == NULL && r->main == NULL) {
    ap_snprintf(errstr, sizeof(errstr), "Anonymous: Passwd <%s> Accepted",
                send_pw ? send_pw : "\'none\'");

 [...]
   } else {
      if (sec->auth_anon_authoritative) {
        ap_snprintf(errstr,sizeof(errstr),
                    "Anonymous: Authoritative, Passwd <%s> not accepted",
                    send_pw ? send_pw : "\'none\'");

I think it should not be vulnerable as it checks for the size of errstr.

So, upgrade the mod_auth_anon.c to version 0.5 or better to Apache v.
1.2.4.

Best regards,

Artur Pydo.
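
Added example, not part of the original message and not Apache source: the size-bounded formatting pattern discussed above, written with C99 snprintf instead of ap_snprintf so it compiles on its own. The helper name format_anon_log, the 64-byte ERRSTR_LEN and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ERRSTR_LEN 64  /* assumed size; the message does not give errstr's size */

/* Hypothetical helper (not Apache code): formats the log line quoted in the
 * message into dst. Returns 0 if the whole line fit, 1 if it was truncated,
 * -1 on bad arguments or a formatting error. */
int format_anon_log(char *dst, size_t dstlen, const char *send_pw)
{
    int need;

    if (dst == NULL || dstlen == 0)
        return -1;
    /* C99 snprintf stores at most dstlen-1 characters plus a NUL and
     * returns the length the complete line would have needed. */
    need = snprintf(dst, dstlen, "Anonymous: Passwd <%s> Accepted",
                    send_pw ? send_pw : "'none'");
    if (need < 0)
        return -1;
    return (size_t)need >= dstlen ? 1 : 0;
}

int main(void)
{
    char errstr[ERRSTR_LEN];
    char long_pw[512];          /* constructed oversized client input */
    int rc;

    memset(long_pw, 'A', sizeof(long_pw) - 1);
    long_pw[sizeof(long_pw) - 1] = '\0';

    /* sizeof(errstr) is the buffer size only because errstr is an array in
     * this scope; applied to a char * it would give the pointer size. */
    rc = format_anon_log(errstr, sizeof(errstr), "user@example.org");
    printf("rc=%d len=%zu %s\n", rc, strlen(errstr), errstr);

    rc = format_anon_log(errstr, sizeof(errstr), long_pw);
    printf("rc=%d len=%zu (buffer is %d bytes)\n", rc, strlen(errstr), ERRSTR_LEN);

    rc = format_anon_log(errstr, sizeof(errstr), NULL);
    printf("rc=%d %s\n", rc, errstr);
    return 0;
}
```

A return value of 1 means the logged line is incomplete, which matters when the log is later used as evidence of what the client sent.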


