
Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability



>Well, I've just been over the HTLoadError routine and it certainly
>does unchecked sprintf's to a fixed size buffer when composing the
>error message (same in HTErrorMsg).  No user input is used here,
>though, so it may not be harmful.  It just left me wondering where
>else such things might be lurking ...

Yep, I know about those bits, I had a look through them with a view 
to splatting a while back but they seemed OK. The problem is the sheer 
number of lines of code though. It would be much quicker to rewrite the 
code in a different way than to check each part of it fully. This is more
likely to happen as part of a from-scratch proxy implementation than
extension of the CERN server though.

This is yet another UNIX screw up. A real O/S simply does not allow 
a process to write to its stack. And a real language would have automatic
resource allocation for strings. 


	Phill
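
The pattern discussed in this thread (an unchecked sprintf into a fixed-size buffer while composing an error message), shown next to a bounded form. This is an added example, not code from the CERN or NCSA servers or from either poster; `compose_error`, `ERRBUF_SIZE` and the message format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ERRBUF_SIZE 64  /* assumed fixed buffer size (hypothetical value) */

/* Unchecked pattern, shown for contrast only and not compiled:
 *     char buf[ERRBUF_SIZE];
 *     sprintf(buf, "Error %d loading %s: %s", code, url, reason);
 * Nothing bounds the total length, so a long url or reason writes past buf.
 */

/* Bounded form (hypothetical helper). Returns 0 if the whole message fit,
 * 1 if it was truncated, -1 on bad arguments or a formatting error.
 * buf is NUL-terminated whenever buf != NULL and size > 0. */
int compose_error(char *buf, size_t size, int code,
                  const char *url, const char *reason)
{
    int n;

    if (buf == NULL || size == 0)
        return -1;
    buf[0] = '\0';
    if (url == NULL || reason == NULL)
        return -1;

    n = snprintf(buf, size, "Error %d loading %s: %s", code, url, reason);
    if (n < 0) {
        buf[0] = '\0';
        return -1;
    }
    if ((size_t)n >= size) {
        /* Mark the cut so a truncated message is visible in the log. */
        if (size > 4)
            memcpy(buf + size - 4, "...", 4);  /* copies the NUL as well */
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[ERRBUF_SIZE];
    char long_url[300];  /* constructed sample input, longer than buf */

    memset(long_url, 'A', sizeof long_url - 1);
    long_url[sizeof long_url - 1] = '\0';
    printf("%d %s\n", compose_error(buf, sizeof buf, 404, "/index.html", "not found"), buf);
    printf("%d %s\n", compose_error(buf, sizeof buf, 500, long_url, "bad request"), buf);
    return 0;
}
```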

