
Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability



In message <95Feb15.115315+0900_met.63660-2+13@dxal18.cern.ch> you write:
 > The parts of the Daemon I have checked are based on buffer append routines. But
 > there are quite a few of them so it's possible one has been missed. I will see if
 > someone can check it out just to be on the safe side.

Well, I've just been over the HTLoadError routine and it certainly
does unchecked sprintf's to a fixed size buffer when composing the
error message (same in HTErrorMsg).  No user input is used here,
though, so it may not be harmful.  It just left me wondering where
else such things might be lurking ...

(I added the sc.hostname to the `CERN httpd 3.0' at the bottom of
the error messages, as I regularly use several httpds in a proxy
chain and it is always nice to know on which one the error occurred.
The changes are trivial, but I'll send diffs to anyone who wants)

\Bernhard.
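
The pattern discussed in this message, shown as an added example that is not part of the original post and is not CERN httpd source: an unchecked sprintf into a fixed-size error buffer next to a bounded version that detects truncation. The function names, the buffer size and the format string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ERR_BUF_SIZE 64   /* assumed size; the post does not give the real one */

/* Unchecked form (hypothetical stand-in): sprintf has no idea how large buf
 * is, so a long reason or hostname writes past the end of the buffer. */
void compose_error_unchecked(char *buf, int status,
                             const char *reason, const char *hostname)
{
    sprintf(buf, "Error %d: %s\n-- CERN httpd 3.0 at %s",
            status, reason, hostname);
}

/* Bounded form: never writes more than `size` bytes, always leaves a
 * NUL-terminated string, and reports truncation to the caller.
 * Returns 0 if the whole message fit, -1 otherwise. */
int compose_error(char *buf, size_t size, int status,
                  const char *reason, const char *hostname)
{
    int n;

    if (buf == NULL || size == 0)
        return -1;

    n = snprintf(buf, size, "Error %d: %s\n-- CERN httpd 3.0 at %s",
                 status,
                 reason ? reason : "(none)",
                 hostname ? hostname : "(unknown)");
    if (n < 0) {              /* encoding/output error */
        buf[0] = '\0';
        return -1;
    }
    if ((size_t)n >= size)    /* message was cut off at size - 1 bytes */
        return -1;
    return 0;
}

int main(void)
{
    char buf[ERR_BUF_SIZE];

    /* Constructed sample input. */
    if (compose_error(buf, sizeof buf, 500, "proxy failed",
                      "gw1.example.org") == 0)
        puts(buf);
    return 0;
}
```
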

