apache: off-by-one buffer overflow [LWN.net]

Package(s):

apache apache2 httpd

CVE #(s):

CVE-2006-3747

Created:

July 28, 2006

Updated:

August 2, 2006

Description:

Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module's ldap scheme handling. On systems which activate "RewriteEngine on", a remote attacker could exploit certain rewrite rules to crash Apache, or potentially even execute arbitrary code (this has not been verified).

"RewriteEngine on" is disabled by default. Systems which have this directive disabled are not affected at all.

Alerts:

Gentoo	200608-01	apache	2006-08-01
Debian	DSA-1132-1	apache2	2005-08-01
Debian	DSA-1131-1	apache	2006-08-01
Slackware	SSA:2006-209-01	apache	2006-07-29
rPath	rPSA-2006-0139-1	httpd	2006-07-28
Mandriva	MDKSA-2006:133	apache	2006-07-28
Fedora	FEDORA-2006-863	httpd	2006-07-28
Fedora	FEDORA-2006-862	httpd	2006-07-28
SuSE	SUSE-SA:2006:043	apache,apache2	2006-07-28
OpenPKG	OpenPKG-SA-2006.015	apache, apache2	2006-07-28
Ubuntu	USN-328-1	apache2	2006-07-27

to post comments

apache: off-by-one buffer overflow

Posted Aug 3, 2006 9:34 UTC (Thu) by mjcox@redhat.com (guest, #31775) [Link] (2 responses)

Timeline for those interested from my blog

20060721-23:29 Mark Dowd forwards details of issue to security@apache.org
20060722-07:42 Initial response from Apache security team
20060722-08:14 Investigation, testing, and patches created
20060724-19:04 Negotiated release date with reporter
20060725-10:00 Notified NISCC and CERT to give vendors heads up
20060727-17:00 Fixes committed publically
20060727-23:30 Updates released to Apache site
20060828       Public announcement from Apache, McAfee, CERT, NISCC

apache: off-by-one buffer overflow

Posted Aug 3, 2006 10:14 UTC (Thu) by nix (subscriber, #2304) [Link] (1 responses)

I think that last date should be 20060728, right?

apache: off-by-one buffer overflow

Posted Aug 3, 2006 13:53 UTC (Thu) by mjcox@redhat.com (guest, #31775) [Link]

Yes. Well spotted :)