
Re: NCSA httpd 1.3 vulnerability still unsolved? (And where to go to solve it?)



On Sun, 2 Apr 1995, Prentiss Riddle wrote:
> Has any consensus been reached, or are those of us without the time to
> fully research the problem ourselves just supposed to guess based on
> which of these three sources we feel is most trustworthy?

The problem was that there are *many* places in the 1.3 code where 
strings are allowed to grow without bounds-checking.  The forthcoming 1.4 
fixes a very large number of these (possibly all, but I haven't looked
closely at 1.4's src enough to say "all").  

If that's not good enough for you now, remember that the bug can only 
really be exploited if you're using a binary that the attacker has access 
to; thus, if you have modified your httpd at all and recompiled, or you 
simply set MAX_STRING_LEN to be another number instead of 
HUGE_STRING_LEN, you will probably be safe until 1.4.

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com  brian@hyperreal.com  http://www.hotwired.com/Staff/brian/
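
Added example, not part of the original message and not code from NCSA httpd: a length-checked append into a fixed-size buffer, the kind of bounds check the message says many places in the 1.3 code lack. The helper names, the paths and the value 256 for MAX_STRING_LEN are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_STRING_LEN 256   /* constructed value for this example */

/* Hypothetical helper: append src to the NUL-terminated string in dst,
 * whose total capacity is cap bytes. Returns 0 on success, -1 if dst is
 * not terminated within cap or the result would not fit. On failure dst
 * is left unchanged. */
static int bounded_append(char *dst, size_t cap, const char *src)
{
    const char *end = memchr(dst, '\0', cap);
    size_t used, need;

    if (end == NULL)             /* no terminator inside the buffer */
        return -1;
    used = (size_t)(end - dst);
    need = strlen(src);
    if (need >= cap - used)      /* no room for src plus its NUL */
        return -1;
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Hypothetical caller: join a directory and a client-supplied name in a
 * fixed MAX_STRING_LEN buffer, rejecting over-long input instead of
 * letting the string grow past the end of the buffer. */
static int build_path(char out[MAX_STRING_LEN], const char *dir,
                      const char *name)
{
    out[0] = '\0';
    if (bounded_append(out, MAX_STRING_LEN, dir) != 0) return -1;
    if (bounded_append(out, MAX_STRING_LEN, "/") != 0) return -1;
    return bounded_append(out, MAX_STRING_LEN, name);
}

int main(void)
{
    char path[MAX_STRING_LEN];
    char longname[1024];                       /* constructed over-long input */

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    printf("short name: %d\n", build_path(path, "/htdocs", "index.html"));
    printf("long name:  %d\n", build_path(path, "/htdocs", longname));
    return 0;
}
```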


