Apache HTTP Server Buffer Overflow Vulnerability


by squeen » Wed Oct 29, 2003 4:32 am

Not sure if this affects sgi_apache 1.3.27a, but probably does.


Version Summary
-------------------------------------------------------------------------------------
Apache HTTP Server contains a vulnerability in certain modules that may allow a local attacker to trigger a buffer overflow on the system. Updated packages are available.


Description
-------------------------------------------------------------------------------------
Apache HTTP Server versions 1.3.27 and 1.3.28 contain a vulnerability in certain modules that allow a local attacker to trigger a buffer overflow on the system.

The vulnerability exists in the modules mod_alias and mod_rewrite. The modules improperly handle regular expressions that contain more than nine capturing parentheses. A local attacker could create a specially crafted configuration file containing such expressions to be used by the modules. This triggers the buffer overflow, which may cause a denial of service (DoS) on the server.

Updated packages are available.

Impact
-------------------------------------------------------------------------------------
A local attacker could exploit this vulnerability to trigger a buffer overflow on the system. This may cause the server to stop responding to requests, resulting in a DoS condition.

Warning Indicators
-------------------------------------------------------------------------------------
Systems running Apache HTTP Server versions 1.3.27 and 1.3.28 are vulnerable.

Technical Information
-------------------------------------------------------------------------------------
The mod_alias and mod_rewrite modules both use regular expressions to parse URLs. If the configuration file for the modules contains expressions with more than nine capturing parentheses, a buffer overflow occurs on the server. An attacker can exploit the vulnerability by locally creating a malicious .htaccess or httpd.conf file.

-------------------------------------------------------------------------------------
An attacker must be able to create the malicious configuration file locally in order to exploit this vulnerability, which may decrease the likelihood of an attack. Administrators should restrict local access to trusted users.
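
Added example, not part of the original post or the advisory: an audit script an administrator could run over httpd.conf and .htaccess files to flag mod_alias and mod_rewrite patterns with more than nine capturing groups. It assumes the regex-taking directives are AliasMatch, ScriptAliasMatch, RedirectMatch, RewriteRule and RewriteCond, that every unescaped `(` outside a bracket expression opens a capturing group (POSIX regex syntax), and it does not follow backslash line continuations; the function names and sample configuration are constructed for illustration.

```python
import re

# Regex-taking directives -> index of the regex argument (None: optional status first).
REGEX_ARG = {"aliasmatch": 0, "scriptaliasmatch": 0, "rewriterule": 0,
             "rewritecond": 1, "redirectmatch": None}
STATUS = re.compile(r"^(permanent|temp|seeother|gone|\d{3})$", re.I)
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\S+')   # quoted or bare argument
MAX_GROUPS = 9                                  # limit named in the advisory

def count_groups(pattern):
    """Count '(' that open a group: unescaped and outside [...] expressions."""
    count, i, n = 0, 0, len(pattern)
    while i < n:
        c = pattern[i]
        if c == "\\":
            i += 1                                # skip the escaped character
        elif c == "[":                            # parens inside [...] are literal
            i += 2 if pattern.startswith("^", i + 1) else 1
            if pattern.startswith("]", i):        # a leading ']' is literal
                i += 1
            while i < n and pattern[i] != "]":    # step over [:class:] as a unit
                end = pattern.find(":]", i + 2) if pattern.startswith("[:", i) else -1
                i = end + 2 if end != -1 else i + 1
        elif c == "(":
            count += 1
        i += 1
    return count

def audit(config_text):
    """Return (line_no, directive, groups) for each pattern over MAX_GROUPS."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        toks = [t[1:-1] if t[0] == t[-1] == '"' and len(t) > 1 else t
                for t in TOKEN.findall(line)]
        if not toks or toks[0].startswith("#") or toks[0].lower() not in REGEX_ARG:
            continue
        args, idx = toks[1:], REGEX_ARG[toks[0].lower()]
        if idx is None:
            idx = 1 if args and STATUS.match(args[0]) else 0
        if idx < len(args) and count_groups(args[idx]) > MAX_GROUPS:
            findings.append((no, toks[0], count_groups(args[idx])))
    return findings

# Constructed sample configuration (not from the advisory).
SAMPLE = r"""RewriteRule ^/(a)(b)(c)(d)(e)(f)(g)(h)(i)(j)$ /x/$1 [L]
RewriteRule ^/items/\(([0-9]+)\)/[()]$ /item.php?id=$1
RedirectMatch permanent ^/(1)/(2)/(3)/(4)/(5)/(6)/(7)/(8)/(9)/(10) http://example.com/
"""
if __name__ == "__main__": print(audit(SAMPLE))
```

Running `audit()` over every .htaccess file that users can write, not only the main httpd.conf, covers the local creation path the advisory describes.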
