Full Disclosure mailing list archives

Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?

From: André Malo <nd () perlig de>
Date: Sat, 30 Oct 2004 21:58:50 +0200

* Larry Cashdollar <lwc () vapid ath cx> wrote:

Read the first post by Luiz.   This is only applicable if your running
apache chrooted and htpasswd is part of that chrooted environment.


(1) I've read his post, I answered and my answer never appeared on FD.
(2) It's just FUD. Show me a concrete scenario, where a non-setuid htpasswd
breaks out of a correctly chrooted environment.

nd
-- 
Winnetous Erbe: <http://pub.perlig.de/books.html#apache2>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Larry Cashdollar (Oct 29)
- <Possible follow-ups>
- Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? Larry Cashdollar (Oct 30)
  - Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33? André Malo (Oct 30)