[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#218188: Security bug's in Apache < 1.3.29

severity 218188 wishlist

Since this requires access to the configuration file (and there are many
worse things that can be done if you have access to the configuration
file), it's not even a local exploit.  As far as we know, anyway.

Just because it's a buffer overflow and a potential security problem does
not mean we need a critical bug.  This is simply a new upstream release,
and the debian-apache cabal are already aware of the new release.

Thank you.

On Wed, Oct 29, 2003 at 04:52:43PM +0100, Ruben Puettmann wrote:
> Apache 1.3.29 Major changes
>   Security vulnerabilities
>      * CAN-2003-0542 (cve.mitre.org)
>        Fix buffer overflows in mod_alias and mod_rewrite which occurred if
>        one configured a regular expression with more than 9 captures.
> See : http://archive.apache.org/dist/httpd/Announcement.txt

"It's not Hollywood.  War is real, war is primarily not about defeat or
victory, it is about death.  I've seen thousands and thousands of dead bodies.
Do you think I want to have an academic debate on this subject?" -- Robert Fisk

Reply to: