Bugtraq mailing list archives
Bug in apache httpd 1.1.3
From: misa () THOR INFOIASI RO (Mihai Ibanescu)
Date: Sun, 16 Feb 1997 15:28:40 +0200
        Hello!
        I noticed something interesting on my RedHat linux system (and on
some other linuxes).
        httpd creates a file /tmp/apache_status, and follows blindly any
link if /tmp/apache_status points somewhere, for instance /etc/passwd. So
one can overwrite any file in the system, if she is able to create such a
link, and I don't think that's impossible.
        The funny thing is that I have apache 1.1.3 installed on a SPARC
Solaris, and the problem doesn't exist there. So am I paranoid, or is
there a problem in the Apache server?
                                                Misa
Department of Computer Science          Mihai Ibanescu
"Al. I. Cuza" Univ. of Iasi             e-mail: misa () infoiasi ro
Romania                                 http://www.infoiasi.ro/~misa
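
Added example, not part of the original post and not Apache's own code: the create-and-truncate pattern the report describes, beside a hardened opener that refuses a link already sitting at the path. The function names, the scratch directory and the file names are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the report: create/truncate, following whatever is at path. */
static int open_status_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened: O_EXCL makes open() fail with EEXIST if anything, a symlink
 * included, already exists at path; O_NOFOLLOW is a second guard. */
static int open_status_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed scenario inside a private scratch directory (no real system
 * file is touched). use_safe selects the opener. Returns the size of the
 * link target afterwards: 0 means it was truncated through the link. */
long run_scenario(int use_safe) {
    char dir[] = "/tmp/symlink_demo_XXXXXX";
    char target[128], status[128];
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/important_file", dir);
    snprintf(status, sizeof status, "%s/apache_status", dir);
    FILE *f = fopen(target, "w");            /* stand-in for the link target */
    if (!f) return -1;
    fputs("important data\n", f);            /* 15 bytes */
    fclose(f);
    if (symlink(target, status) != 0) return -1;  /* link exists beforehand */
    int fd = use_safe ? open_status_safe(status) : open_status_naive(status);
    if (fd >= 0) close(fd);
    long size = file_size(target);
    unlink(status); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    printf("naive: target size %ld\n", run_scenario(0));
    printf("safe:  target size %ld\n", run_scenario(1));
}
```

A daemon that needs a status file is better served by a directory only it can write to; the exclusive open then covers the remaining case where a predictable name in a shared directory cannot be avoided.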