Mailinglist Archive: opensuse-security (499 mails)

Re: [suse-security] Apache update
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Tue, 18 Jun 2002 12:50:15 +0200 (MEST)
  • Message-id: <Pine.LNX.4.44.0206181249080.26702-100000@xxxxxxxxxxxx>
> > I am not certain if this is the exploit you are talking
> > about. There was no link included in the email which you
>
> There was a CERT Advisory issued on that this morning:
> CERT Advisory CA-2002-17 Apache Web Server Chunk Handling
> Vulnerability
>
> The vulnerability is described in detail on the
> Apache site:
> http://httpd.apache.org/info/security_bulletin_20020617.txt
>
> It seems that the bug is not exploitable on Linux, but I haven't
> found a clear statement what this is concerned.
>
> Perhaps Roman could comment on that.
> I'm CC'ing him just in case he is too busy to read the list at the
> moment...
>

A part of the stack gets overwritten. Regardless of the fact that you
might now be able to overwrite the return address of the function that you
live in with data that you can control, you might be able to overwrite
other "sensitive" parts (or other return addresses). By consequence, the
possible exploit scenario might become somewhat tricky, but speculations
about whether it is exploitable to execute syscalls (or alike) or not are
purely academic at this stage.

There will be an official announcement from our side as soon as possible,
of course. We hope to be ready later today.

Roman.
--
- -
| Roman Drahtmüller <draht@xxxxxxx> // "You don't need eyes to see, |
SuSE Linux AG - Security Phone: // you need vision!"
| Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless |
- -

