LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

apache: arbitrary code execution

Package(s):apache CVE #(s):CAN-2004-0940
Created:October 29, 2004 Updated:December 14, 2004
Description: According to an Apache announcement, a vulnerability exists in the Apache HTTP server, version 1.3. The problem is a potential buffer overflow in the "get_tag" function of Apache's SSI module "mod_include". It allows local users who can create SSI documents to execute arbitrary code as the Apache run-time user via SSI documents that trigger a content length calculation error.
Alerts:
Red Hat RHSA-2004:600-01 2004-12-13
Mandrake MDKSA-2004:134 2004-11-15
Debian DSA-594-1 2004-11-17
Trustix TSLSA-2004-0056 2004-11-05
Gentoo 200411-03 2004-11-02
Slackware SSA:2004-305-01 2004-11-01
OpenPKG OpenPKG-SA-2004.047 2004-10-29
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds