Re: mod_proxy Apache potential issue
On Wed, 23 Jun 2004, Matt Zimmerman wrote:
> On Wed, Jun 23, 2004 at 03:24:13PM +0200, Marc SCHAEFER wrote:
> > it seems there is a potential buffer overflow in Apache's mod_proxy.
> > Are you aware of it ?
> What I believe I heard from our Apache maintainers was that this would only
> crash the child servicing the request (which isn't even a DoS, really), and
> did not actually permit the execution of code, but the description in CVE is
> quite explicit that it is a code execution vulnerability.
> Can someone confirm?
I read the same advisory and we are ready to upload in sid. This is a url
to the sid patch:
It is not intrusive.
<user> fajita: step one
<fajita> Whatever the problem, step one is always to look in the error log.
<user> fajita: step two
<fajita> When in danger or in doubt, step two is to scream and shout.