Re: mod_proxy Apache potential issue

To: Marc SCHAEFER <schaefer@alphanet.ch>
Cc: team@security.debian.org, apache@packages.debian.org
Subject: Re: mod_proxy Apache potential issue
From: Matt Zimmerman <mdz@debian.org>
Date: Wed, 23 Jun 2004 09:26:58 -0700
Message-id: <[🔎] 20040623162658.GG8741@alcor.net>
Mail-followup-to: Marc SCHAEFER <schaefer@alphanet.ch>, team@security.debian.org, apache@packages.debian.org
In-reply-to: <20040623132413.GA7511@defian.alphanet.ch>
References: <20040623132413.GA7511@defian.alphanet.ch>

On Wed, Jun 23, 2004 at 03:24:13PM +0200, Marc SCHAEFER wrote:

> it seems there is a potential buffer overflow in Apache's mod_proxy.
> 
> Are you aware of it ?

What I believe I heard from our Apache maintainers was that this would only
crash the child servicing the request (which isn't even a DoS, really), and
did not actually permit the execution of code, but the description in CVE is
quite explicit that it is a code execution vulnerability.

Can someone confirm?

-- 
 - mdz

Reply to:

Follow-Ups:
- Re: mod_proxy Apache potential issue
  - From: Fabio Massimo Di Nitto <fabbione@fabbione.net>

Prev by Date: белье
Next by Date: Bug#255930: apache-modconf fails to disable modules
Previous by thread: Re: about leaving libapache-mod-ssl to the debian-apache team
Next by thread: Re: mod_proxy Apache potential issue
Index(es):
- Date
- Thread