[ale] Security Alert: DoS against Apache
Kevin Krumwiede
krum at smyrnacable.net
Tue Jun 18 19:58:07 EDT 2002
-----Forwarded Message-----
From: Jesse Tie-Ten-Quee <highos at linuxfromscratch.org>
To: ale at ale.org
To: lfs-security at linuxfromscratch.org
Subject: DoS: Apache 1.3 all versions including 1.3.24, Apache 2 all versions up to 2.0.36
Date: 18 Jun 2002 03:06:15 -0700

Yo,

http://httpd.apache.org/info/security_bulletin_20020617.txt

"In Apache 1.3 the issue causes a stack overflow. Due to the nature of
the overflow on 32-bit Unix platforms this will cause a segmentation
violation and the child will terminate. However on 64-bit platforms the
overflow can be controlled and so for platforms that store return
addresses on the stack it is likely that it is further exploitable. This
could allow arbitrary code to be run on the server as the user the
Apache children are set to run as."

No patches or new releases yet, afaik.
--
Jesse Tie-Ten-Quee ( highos at linuxfromscratch dot org )