Re: NCSA httpd 1.3 vulnerability still unsolved? (And where to go to solve it?)
On Sun, 2 Apr 1995, Prentiss Riddle wrote:

> Has any consensus been reached, or are those of us without the time to
> fully research the problem ourselves just supposed to guess based on
> which of these three sources we feel is most trustworthy?

The problem was that there are *many* places in the 1.3 code where
strings are allowed to grow without bounds-checking. The forthcoming 1.4
fixes a very large number of these (possibly all, but I haven't looked
closely at 1.4's src enough to say "all").

If that's not good enough for you now, remember that the bug can only
really be exploited if you're using a binary that the attacker has access
to; thus, if you have modified your httpd at all and recompiled, or you
simply set MAX_STRING_LEN to be another number instead of
HUGE_STRING_LEN, you will probably be safe until 1.4.

Brian
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com brian@hyperreal.com http://www.hotwired.com/Staff/brian/
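
The kind of bounds check the message says is missing in many places in 1.3, as an added C example that is not NCSA httpd code and not part of the original message. `bounded_append` and `build_path` are hypothetical helpers, and the value of `MAX_STRING_LEN` and the sample paths are constructed for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed for this example; not the value used by any httpd release. */
#define MAX_STRING_LEN 256

/* Append src to the NUL-terminated string in dst (capacity cap bytes,
 * current length *len). Returns 0 on success, -1 if the result would not
 * fit; on failure dst is left unchanged. */
static int bounded_append(char *dst, size_t cap, size_t *len, const char *src)
{
    size_t n = strlen(src);
    /* Written as a subtraction so that *len + n cannot wrap around. */
    if (*len >= cap || n > cap - 1 - *len)
        return -1;
    memcpy(dst + *len, src, n + 1);   /* n bytes plus the terminator */
    *len += n;
    return 0;
}

/* Hypothetical helper: join a document root and a request path into out.
 * Returns the length written, or -1 if the request must be rejected. */
int build_path(char *out, size_t cap, const char *root, const char *uri)
{
    size_t len = 0;
    if (cap == 0)
        return -1;
    out[0] = '\0';
    if (bounded_append(out, cap, &len, root) != 0 ||
        bounded_append(out, cap, &len, uri) != 0) {
        out[0] = '\0';                /* never hand back a partial path */
        return -1;
    }
    return (int)len;
}

int main(void)
{
    char buf[MAX_STRING_LEN];
    char longuri[2 * MAX_STRING_LEN];   /* constructed over-length input */
    memset(longuri, 'A', sizeof longuri - 1);
    longuri[sizeof longuri - 1] = '\0';
    int ok = build_path(buf, sizeof buf, "/srv/www", "/index.html");
    int bad = build_path(buf, sizeof buf, "/srv/www", longuri);
    return (ok > 0 && bad == -1) ? 0 : 1;
}
```

The capacity is passed explicitly to every append, so the check holds whatever size the buffer is compiled with.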