Hi, On Tuesday 11 September 2007, Ramon Garcia Fernandez wrote: > Although it is disclosed as a denial of service, it seems > to involve a buffer overflow, and thus allow remote code > execution under the apache account. I can confim, from > attacks in systems of a customer, that this is actually the case. This is a buffer over-read [1]. With some crafted header, apache will read beyond the end of the header, possibly into a region where no memory is allocated. This would result in a segmentation fault and crash of the process. The crafted header needs to come from the Server, not from the client. Therefore this will not affect most reverse proxy configurations, since usually the server behind a reverse proxy is trusted. Cheers, Stefan [1] http://marc.info/?l=apache-httpd-dev&m=118595556504202&w=2
Attachment:
signature.asc
Description: This is a digitally signed message part.