
Bug#441845: Subject: apache2: Remote user can crash Apache if reverse proxy is enabled.



Package: apache2
Severity: critical
Justification: root security hole
Tags: security

*** Please type your report below this line ***

A security hole has been disclosed on the Apache web site.
http://httpd.apache.org/security/vulnerabilities_22.html

Although it is disclosed as a denial of service, it seems
to involve a buffer overflow, and thus allow remote code
execution under the apache account. I can confirm, from
attacks in systems of a customer, that this is actually the case.

As I have not seen any security upgrade from 4th of September,
date of the disclosure, I request this issue to be fixed.


Ramon Garcia
Systems Administrator
ramon.garcia@kotasoft.com
http://www.kotasoft.com

-- System Information:
Debian Release: 4.0
 APT prefers stable
 APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-vserver-686
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)




