Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
BID:9885
Info
| Bugtraq ID: | 9885 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2004-1765 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 16 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery is credited to Evgeny Legerov. |
| Vulnerable: | mod_security mod_security 1.7.4 |
| Not Vulnerable: | mod_security mod_security 1.7.5 |
Discussion
It has been reported that the Apache 2 mod_security module is affected by an off-by-one buffer overflow condition that could potentially allow a remote attacker to execute arbitrary code on a vulnerable system under some circumstances. The issue presents itself when the 'SecFilterScanPost' directive is enabled. Specifically, malformed POST data sent by a remote attacker may trigger an off-by-one buffer overflow condition.
Due to a lack of details, further information cannot be provided at the moment. This BID will be updated as more information becomes available.
mod_security 1.7.4 has been reported to be prone to this issue; however, it is possible that other versions are affected as well.
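Because the issue is only reachable when 'SecFilterScanPost' is enabled, a quick audit of where that directive is switched on helps prioritize hosts still running 1.7.4 for the upgrade. The following is an added example, not code from this advisory or from the mod_security project; the function name `find_scanpost_enabled` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample configuration, not taken from the advisory.
SAMPLE_CONF = """\
<IfModule mod_security.c>
    SecFilterEngine On
    # SecFilterScanPost On
    SecFilterScanPost Off
</IfModule>
<VirtualHost *:80>
    ServerName app.example.test
    <Location /upload>
        SecFilterScanPOST  "On"
    </Location>
</VirtualHost>
"""

OPEN = re.compile(r"<\s*([A-Za-z]+)([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*[A-Za-z]+\s*>")
# Apache directive names and On/Off flags are case-insensitive.
DIRECTIVE = re.compile(r'SecFilterScanPost\s+"?(\w+)"?', re.IGNORECASE)


def find_scanpost_enabled(conf_text):
    """Return (line_number, enclosing_context) for each 'SecFilterScanPost On'."""
    findings, stack = [], []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if CLOSE.fullmatch(line):
            if stack:
                stack.pop()  # leave the innermost container
            continue
        section = OPEN.fullmatch(line)
        if section:
            # e.g. "VirtualHost *:80" or "Location /upload"
            stack.append(f"{section.group(1)}{section.group(2)}".strip())
            continue
        match = DIRECTIVE.fullmatch(line)
        if match and match.group(1).lower() == "on":
            findings.append((number, " > ".join(stack) or "server config"))
    return findings


if __name__ == "__main__":
    for number, context in find_scanpost_enabled(SAMPLE_CONF):
        print(f"line {number}: SecFilterScanPost On in {context}")
```

The scan reads one file at a time and does not follow `Include` directives or backslash line continuations, so run it over every configuration file the server loads.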
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us.
Solution / Fix
Solution:
The vendor has released mod_security 1.7.5 to address this issue:
mod_security mod_security 1.7.4
- mod_security mod_security-1.7.5.tar.gz
  http://www.modsecurity.org/download/mod_security-1.7.5.tar.gz
References
References:
- mod_security Home Page (mod_security)
- ModSecurity 1.7.4 for Apache 2.x remote off-by-one overflow (S-Quadra Security Research)