Apache mod_cookies Buffer Overflow Vulnerability
BID:1821
Info
| Bugtraq ID: | 1821 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jan 12 1997 12:00AM |
| Updated: | Jan 12 1997 12:00AM |
| Credit: | This vulnerability was discovered by David Sacerdote of Secure Networks Inc. (now Network Associates) on January 12, 1997. |
| Vulnerable: | Apache Apache 1.1.1; Apache Apache 1.1; Apache Apache 1.0.5; Apache Apache 1.0.3; Apache Apache 1.0.2; Apache Apache 1.0; Apache Apache 0.8.14; Apache Apache 0.8.11 |
| Not Vulnerable: | |
Discussion
The Apache Project is a collaborative software development effort aimed at creating a robust, commercial-grade, featureful, and freely-available source code implementation of an HTTP (Web) server. Certain versions of the Apache webserver shipped with a remotely exploitable buffer overflow. The overflow was in the function make_cookie in mod_cookies.c, which used a 100-byte buffer. Remote attackers who provided more than 100 bytes could exploit this vulnerability to gain access to the host running the Apache server.
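The bounded-write check that prevents this class of overflow, as an added example that is not part of the original advisory and is not Apache's make_cookie source. The function name build_cookie, the identifier-plus-timestamp cookie layout and the sample inputs are assumptions made for illustration; only the 100-byte buffer size comes from the advisory.

```c
#include <stdio.h>
#include <string.h>

#define COOKIE_BUF 100  /* buffer size the advisory gives for make_cookie */

/*
 * Hypothetical cookie builder (illustrative, not Apache code).
 * The unsafe pattern for a fixed buffer is an unbounded write such as
 *     char buf[COOKIE_BUF]; sprintf(buf, "%s%lu", client_id, stamp);
 * where client_id is remote-controlled and may be longer than the buffer.
 *
 * This version bounds the write and treats truncation as an error
 * instead of emitting a clipped value.
 * Returns the cookie length, or -1 if the cookie does not fit.
 */
int build_cookie(char *out, size_t outsz, const char *client_id,
                 unsigned long stamp)
{
    int n;

    if (out == NULL || outsz == 0 || client_id == NULL)
        return -1;

    n = snprintf(out, outsz, "%s%lu", client_id, stamp);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';          /* never hand back a half-written cookie */
        return -1;
    }
    return n;
}

int main(void)
{
    char cookie[COOKIE_BUF];
    char long_id[256];

    /* Constructed inputs: a normal identifier and a 255-byte one. */
    memset(long_id, 'A', sizeof(long_id) - 1);
    long_id[sizeof(long_id) - 1] = '\0';

    printf("short: %d\n",
           build_cookie(cookie, sizeof(cookie), "host.example", 853027200UL));
    printf("long:  %d\n",
           build_cookie(cookie, sizeof(cookie), long_id, 853027200UL));
    return 0;
}
```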
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
This particular vulnerability is not present in any version of the Apache Server post version 1.1.
References
References:
- Apache Software Foundation Homepage (Apache Software Foundation)
- NAI Security Advisories (Formerly Secure Networks Inc. Advisories) (Network Associates Inc.)