20 Jun
2002
20 Jun
'02
10:28
On Thu, Jun 20, 2002 at 10:14:58AM +0200, Roman Drahtmueller wrote:
Date: Wed, 19 Jun 2002 18:28:33 +0200 Subject: SuSE Security Announcement: Apache (SuSE-SA:2002:022)
Previous versions of apache did not properly detect incorrectly encoded chunks, which caused a buffer overflow on the stack. On 32bit architectures, this overflow cannot be exploited to inject code into the httpd process and gain access to the machine, because the overflow will always result in a segmentation fault, and the process will terminate.
This may not be correct: to one of the lists vuln-dev or bugtraq the source to a xxxBSD x86 exploit has been posted. I'll forward it. Note: I haven't verfied anything in that mail. ciao Jörg