[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mod_proxy Apache potential issue



On Wed, 23 Jun 2004, Matt Zimmerman wrote:

> On Wed, Jun 23, 2004 at 03:24:13PM +0200, Marc SCHAEFER wrote:
>
> > it seems there is a potential buffer overflow in Apache's mod_proxy.
> >
> > Are you aware of it ?
>
> What I believe I heard from our Apache maintainers was that this would only
> crash the child servicing the request (which isn't even a DoS, really), and
> did not actually permit the execution of code, but the description in CVE is
> quite explicit that it is a code execution vulnerability.
>
> Can someone confirm?

I read the same advisory and we are ready to upload in sid. This is a url
to the sid patch:

http://cvs.raw.no/cgi-bin/viewcvs.cgi/debian-apache/debian/patches/000_stolen_from_HEAD_CAN-2004-0492?rev=1.1&view=markup

It is not intrusive.

Fabio

-- 
<user> fajita: step one
<fajita> Whatever the problem, step one is always to look in the error log.
<user> fajita: step two
<fajita> When in danger or in doubt, step two is to scream and shout.



Reply to: