(Vendor Issues Fix) Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1011899 |
|
SecurityTracker URL: http://securitytracker.com/id/1011899
|
|
CVE Reference:
CVE-2004-0940
(Links to External Site)
|
Updated: Oct 29 2004
|
Original Entry Date: Oct 22 2004
|
Impact:
Execution of arbitrary code via local system, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.3 to prior to 1.3.33
|
Description:
Crazy Einstein reported a buffer overflow in Apache mod_include. A local user may be able to gain elevated privileges.
It is reported that the get_tag() function contains a buffer overflow that can be triggered, for example, from the handle_echo() function. A local user can create specially crafted HTML that, when processed by Apache, will execute arbitrary code with the privileges of the httpd child process.
|
Impact:
A local user can execute arbitrary code with the privileges of the Apache httpd child process.
|
Solution:
The vendor has issued a fixed version (1.3.33), available at:
http://httpd.apache.org/
|
Vendor URL: httpd.apache.org/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Fri, 22 Oct 2004 15:59:17 -0400
Subject: [none]
|
> Fixed in Apache httpd 1.3.33-dev
> moderate: mod_include overflow CAN-2004-0940
> A buffer overflow in mod_include could allow a local user who is authorised
> to create server side include (SSI) files to gain the privileges of a httpd child.
|
|
