Bugtraq mailing list archives
Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server
From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date: Mon, 17 Jun 2002 20:57:50 +0200
<valcu.gheorghe () caatoosee ro> writes:

The patch that mentioned casting bufsiz from an int to an unsigned int failed to do a few things:
1) There are 2 instances of the same code in http_protocol.c that need to be fixed, as both suffer from the same problem
2) The cast to unsigned int was only done in comparison, and was not done in assignment, which could possibly lead to problems down the road with the int value?

3) Casting to unsigned int does not help that much if the variable in question is a long.

The Apache CVS repository now seems to contain a correct patch.

-- 
Florian Weimer Weimer () CERT Uni-Stuttgart DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
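
An added illustration of point 3 in the message above; it is not part of the original post and is not the Apache patch. It assumes a 64-bit counter (a long on LP64 platforms, written here as int64_t); the function names and sample values are hypothetical, and only bufsiz comes from the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers; names other than bufsiz are assumptions.
 * Each returns the length a caller would go on to copy into a
 * buffer of bufsiz bytes. */

/* int counter: with both sides unsigned, a negative value wraps to a
 * huge number, loses the comparison, and bufsiz is selected. */
static int clamp_int_cast(int remaining, int bufsiz)
{
    return ((unsigned int)remaining > (unsigned int)bufsiz) ? bufsiz : remaining;
}

/* 64-bit counter: the unsigned int operand is converted to the wider
 * signed type, so the comparison stays signed and a negative value
 * is returned unchanged. The cast on bufsiz changes nothing. */
static int64_t clamp_long_cast(int64_t remaining, int bufsiz)
{
    return (remaining > (unsigned int)bufsiz) ? bufsiz : remaining;
}

/* Checked form: reject negatives, then compare in one signed type. */
static int64_t clamp_checked(int64_t remaining, int bufsiz)
{
    if (remaining < 0 || bufsiz < 0)
        return -1;                      /* caller treats this as an error */
    return (remaining > (int64_t)bufsiz) ? (int64_t)bufsiz : remaining;
}

int main(void)
{
    const int bufsiz = 8192;            /* constructed sample values */
    printf("int  cast: %d\n", clamp_int_cast(-1, bufsiz));
    printf("long cast: %lld\n", (long long)clamp_long_cast(-1, bufsiz));
    printf("checked  : %lld\n", (long long)clamp_checked(-1, bufsiz));
    /* What a copy routine taking size_t would see for the long case. */
    printf("as size_t: %zu\n", (size_t)clamp_long_cast(-1, bufsiz));
    return 0;
}
```
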