apache: off-by-one buffer overflow

Package(s): apache apache2 httpd
CVE #(s): CVE-2006-3747
Created: July 28, 2006
Updated: August 2, 2006
Description: Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module's ldap scheme handling. On systems which activate "RewriteEngine on", a remote attacker could exploit certain rewrite rules to crash Apache, or potentially even execute arbitrary code (this has not been verified).

"RewriteEngine on" is disabled by default. Systems which have this directive disabled are not affected at all.
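
To check the exposure condition described above, the following added example (not code from LWN or the Apache project) walks an Apache configuration and lists each context where `RewriteEngine` is on, with the number of `RewriteRule` directives found there. The function name `rewrite_exposure` and the sample configuration are constructed for illustration; `.htaccess` and included files would need the same scan.

```python
import re

# Constructed sample configuration for illustration (not from a real host).
SAMPLE_CONF = r"""# main server config
RewriteEngine off
<VirtualHost *:80>
    ServerName a.example
    rewriteengine On
    RewriteRule ^/old/(.*)$ \
        /new/$1 [R]
</VirtualHost>
<VirtualHost *:80>
    ServerName b.example
    # RewriteEngine on
</VirtualHost>
"""

SECTION = re.compile(r"<\s*(/?)\s*(\w+)\s*([^>]*)>")

def rewrite_exposure(conf_text):
    """Return [(context, rewrite_rule_count)] where RewriteEngine is on."""
    stack = ["server config"]   # nesting of <VirtualHost>, <Directory>, ...
    state = {}                  # context -> [engine_on, rule_count]
    pending = ""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        pending += raw.strip()
        if pending.endswith("\\"):          # backslash continues the directive
            pending = pending[:-1] + " "
            continue
        line, pending = pending.strip(), ""
        if not line or line.startswith("#"):
            continue                        # commented-out directives do not count
        m = SECTION.match(line)
        if m:
            if m.group(1):                  # closing tag: leave the section
                if len(stack) > 1:
                    stack.pop()
            else:                           # opening tag: line number keeps contexts unique
                stack.append(f"<{m.group(2)} {m.group(3).strip()}> (line {lineno})")
            continue
        name, arg = (line.split(None, 1) + [""])[:2]
        entry = state.setdefault(" / ".join(stack), [False, 0])
        if name.lower() == "rewriteengine":  # directive names are case-insensitive
            entry[0] = arg.strip().strip('"').lower() == "on"
        elif name.lower() == "rewriterule":
            entry[1] += 1
    return [(ctx, n) for ctx, (on, n) in state.items() if on]

if __name__ == "__main__":
    for ctx, n in rewrite_exposure(SAMPLE_CONF):
        print(f"RewriteEngine on in {ctx}: {n} RewriteRule(s)")
```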

Alerts:
Gentoo 200608-01 2006-08-01
Debian DSA-1132-1 2005-08-01
Debian DSA-1131-1 2006-08-01
Slackware SSA:2006-209-01 2006-07-29
rPath rPSA-2006-0139-1 2006-07-28
Mandriva MDKSA-2006:133 2006-07-28
Fedora FEDORA-2006-863 2006-07-28
Fedora FEDORA-2006-862 2006-07-28
SuSE SUSE-SA:2006:043 2006-07-28
OpenPKG OpenPKG-SA-2006.015 2006-07-28
Ubuntu USN-328-1 2006-07-27

apache: off-by-one buffer overflow

Posted Aug 3, 2006 9:34 UTC (Thu) by mjcox@redhat.com (subscriber, #31775) [Link]

Timeline for those interested from my blog
20060721-23:29 Mark Dowd forwards details of issue to security@apache.org
20060722-07:42 Initial response from Apache security team
20060722-08:14 Investigation, testing, and patches created
20060724-19:04 Negotiated release date with reporter
20060725-10:00 Notified NISCC and CERT to give vendors heads up
20060727-17:00 Fixes committed publicly
20060727-23:30 Updates released to Apache site
20060828       Public announcement from Apache, McAfee, CERT, NISCC

apache: off-by-one buffer overflow

Posted Aug 3, 2006 10:14 UTC (Thu) by nix (subscriber, #2304) [Link]

I think that last date should be 20060728, right?

apache: off-by-one buffer overflow

Posted Aug 3, 2006 13:53 UTC (Thu) by mjcox@redhat.com (subscriber, #31775) [Link]

Yes. Well spotted :)
