Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
Re: [suse-security] SuSE Security Announcement: Apache (SuSE-SA:2002:022) (fwd)
  • From: Joerg Mayer <jmayer@xxxxxxxxx>
  • Date: Thu, 20 Jun 2002 12:28:32 +0200
  • Message-id: <20020620122832.C14410@xxxxxxxxxxxxxxxxxxxxxxxxx>
On Thu, Jun 20, 2002 at 10:14:58AM +0200, Roman Drahtmueller wrote:
> Date: Wed, 19 Jun 2002 18:28:33 +0200
> Subject: SuSE Security Announcement: Apache (SuSE-SA:2002:022)
>
> Previous versions of apache did not properly detect incorrectly
> encoded chunks, which caused a buffer overflow on the stack.
> On 32bit architectures, this overflow cannot be exploited to inject
> code into the httpd process and gain access to the machine, because
> the overflow will always result in a segmentation fault, and the
> process will terminate.

This may not be correct: to one of the lists vuln-dev or bugtraq the
source to a xxxBSD x86 exploit has been posted. I'll forward it. Note:
I haven't verfied anything in that mail.

ciao
Jörg


< Previous Next >
References