[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Security Alert: DoS against Apache

Subject: [ale] Security Alert: DoS against Apache
From: krum at smyrnacable.net (Kevin Krumwiede)
Date: 18 Jun 2002 19:58:07 -0400

-----Forwarded Message-----

From: Jesse Tie-Ten-Quee <highos at linuxfromscratch.org>
To: ale at ale.org
To: lfs-security at linuxfromscratch.org
Subject: DoS: Apache 1.3 all versions including 1.3.24, Apache 2 all versions up to 2.0.36
Date: 18 Jun 2002 03:06:15 -0700

Yo,

http://httpd.apache.org/info/security_bulletin_20020617.txt

"In Apache 1.3 the issue causes a stack overflow.  Due to the nature of
the overflow on 32-bit Unix platforms this will cause a segmentation
violation and the child will terminate.  However on 64-bit platforms the
overflow can be controlled and so for platforms that store return
addresses on the stack it is likely that it is further exploitable. This
could allow arbitrary code to be run on the server as the user the
Apache children are set to run as."

No patches or new releases yet, afaik.

-- 
Jesse Tie-Ten-Quee  ( highos at linuxfromscratch dot org )
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

Prev by Date: [ale] GRUB & dual boots Questions
Next by Date: [ale] Security Alert: DoS against Apache
Previous by thread: [ale] Why won't IP e-mail address go through BS?
Next by thread: [ale] Security Alert: DoS against Apache
Index(es):
- Date
- Thread