You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Ben Laurie <be...@algroup.co.uk> on 1997/09/05 17:59:28 UTC

[Fwd: Overflow in one of Apache 1.1.1 (maybe later too)'s modules]

Ooops. I think we'd better fix this (if still present in 1.2.4) before
someone publishes the exploit.

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 994 6435|Apache Group member
Freelance Consultant  |Fax:   +44 (181) 994 6472|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |Apache-SSL author
A.L. Digital Ltd,     |http://www.algroup.co.uk/Apache-SSL
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache

Re: [Fwd: Overflow in one of Apache 1.1.1 (maybe later too)'s modules]

Posted by Marc Slemko <ma...@worldgate.com>.

On Fri, 5 Sep 1997, Ben Laurie wrote:

> Ooops. I think we'd better fix this (if still present in 1.2.4) before
> someone publishes the exploit.

AFAIK, there never could be an exploit for it.  That is one of 
several hundred bits of code that makes assumptions about how
big the headers being read can be; currently, those assumptions
are valid so it is impossible to read data large enough to overflow
the buffer.  

Regardless, I fixed it in 1.2bsomething.