OpenBSD HTTPD mod_include Local Buffer Overflow Vulnerability
BID:12251
Info
OpenBSD HTTPD mod_include Local Buffer Overflow Vulnerability
| Bugtraq ID: | 12251 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 12 2005 12:00AM |
| Updated: | Jan 12 2005 12:00AM |
| Credit: | This issue was reported by the vendor. |
| Vulnerable: |
OpenBSD OpenBSD 2.9 OpenBSD OpenBSD 2.8 OpenBSD OpenBSD 2.7 OpenBSD OpenBSD 2.6 OpenBSD OpenBSD 2.5 OpenBSD OpenBSD 2.4 OpenBSD OpenBSD 2.3 OpenBSD OpenBSD 2.2 OpenBSD OpenBSD 2.1 OpenBSD OpenBSD 2.0 OpenBSD OpenBSD 3.6 OpenBSD OpenBSD 3.5 OpenBSD OpenBSD 3.4 OpenBSD OpenBSD 3.3 OpenBSD OpenBSD 3.2 OpenBSD OpenBSD 3.1 OpenBSD OpenBSD 3.0 |
| Not Vulnerable: | |
Discussion
OpenBSD HTTPD mod_include Local Buffer Overflow Vulnerability
OpenBSD httpd mod_include is reported prone to a local buffer overflow vulnerability. This issue arises because the application fails to perform boundary checks on user-supplied data before copying it in to sensitive process buffers. This issue may allow attackers to crash the server and potentially execute arbitrary code.
Specifically, this issue presents itself when a vulnerable server has the XBitHack directive or server-side includes functionality enabled.
A successful attack may result in a denial of service condition, however, it is conjectured that arbitrary code execution in the context of the httpd process may be possible as well.
OpenBSD httpd mod_include is reported prone to a local buffer overflow vulnerability. This issue arises because the application fails to perform boundary checks on user-supplied data before copying it in to sensitive process buffers. This issue may allow attackers to crash the server and potentially execute arbitrary code.
Specifically, this issue presents itself when a vulnerable server has the XBitHack directive or server-side includes functionality enabled.
A successful attack may result in a denial of service condition, however, it is conjectured that arbitrary code execution in the context of the httpd process may be possible as well.
Exploit / POC
OpenBSD HTTPD mod_include Local Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
OpenBSD HTTPD mod_include Local Buffer Overflow Vulnerability
Solution:
The vendor has released a patch to address this issue.
OpenBSD OpenBSD 3.5
OpenBSD OpenBSD 3.3
OpenBSD OpenBSD 3.2
OpenBSD OpenBSD 3.1
OpenBSD OpenBSD 3.6
OpenBSD OpenBSD 3.0
OpenBSD OpenBSD 3.4
OpenBSD OpenBSD 2.0
OpenBSD OpenBSD 2.1
OpenBSD OpenBSD 2.2
OpenBSD OpenBSD 2.3
OpenBSD OpenBSD 2.4
OpenBSD OpenBSD 2.5
OpenBSD OpenBSD 2.6
OpenBSD OpenBSD 2.7
OpenBSD OpenBSD 2.8
OpenBSD OpenBSD 2.9
Solution:
The vendor has released a patch to address this issue.
OpenBSD OpenBSD 3.5
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 3.3
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 3.2
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 3.1
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 3.6
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 3.0
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 3.4
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 2.0
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 2.1
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 2.2
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 2.3
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 2.4
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 2.5
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 2.6
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 2.7
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 2.8
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
OpenBSD OpenBSD 2.9
-
OpenBSD 009_httpd.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch
References
OpenBSD HTTPD mod_include Local Buffer Overflow Vulnerability
References:
References:
- OpenBSD Errata Page (OpenBSD)