|
|
|
|
| |
"Apache is one of the the world's most widely used Web servers. Originally developed in 1995 by a group that was to go on to become the The Apache Group, the Apache HTTP Server is Open Source Software, and considered by proponents to be fast, scalable and secure. The name was derived from the project's less robust beginnings ('A patchy Web server')."
A buffer overrun vulnerability was recently reported in Apache, this vulnerability could be exploited by malicious attackers to cause a denial of service. |
| |
Credit:
The original article can be found at: http://issues.apache.org/bugzilla/show_bug.cgi?id=35081
|
| |
Vulnerable Systems:
* Apache HTTP Server version 2.0.54
Immune Systems:
* Apache HTTP Server version 2.0.55
A buffer overrun can be found in ssl_callback_SSLVerify_CRL( ) - ssl_engine_kernel.c:
char buff[512]; /* should be plenty */
[...]
n = BIO_read(bio, buff, sizeof(buff));
buff[n] = '\0';
If there are more than 512 bytes the resulting value of n is 512, causing us to write at location 512 (buff[512]) overflowing the buffer by one. The line should read:
n = BIO_read(bio, buff, sizeof(buff) - 1);
|
|
|
|
|
