From: Jedi/Sector One (jpureftpd.org)
Date: Sat Jun 22 2002 - 14:11:18 CDT

            Hello.

      While playing with the SetEnv directive with Apache, I noticed that httpd
    processes were dying with a signal 11 if the data stored in an environment
    variable was too long.

      I simply triggered the bug by creating a .htaccess file (so a regular user
    can do it) with:

    SetEnv DATE_LOCALE "******************************************..."

      The string was 12288 bytes long in my test, but the bug probably occurs
    with shorter strings as well.

      Then, trying to access a file in the same directory added these lines to
    the error log:

    [Sat Jun 22 20:59:32 2002] [notice] child pid 22311 exit signal Segmentation fault (11)
    [Sat Jun 22 20:59:51 2002] [notice] child pid 9935 exit signal Segmentation fault (11)
    [Sat Jun 22 20:59:56 2002] [notice] child pid 13005 exit signal Segmentation fault (11)

      Environment: OpenBSD 3.1/x86, Apache 1.3.24+recent fixes from -stable.

      Does anyone know what's causing the segmentation fault here?
      

    -- 
     __  /*-      Frank DENIS (Jedi/Sector One) <j42-Networks.Com>     -*\  __
     \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
      \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/
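
Added example, not part of the original message: a small audit helper that pulls child segfault notices out of an Apache error log and flags over-long SetEnv values in a .htaccess file, the two artifacts described in the post above. The function names, the 1024-byte threshold and the sample inputs are assumptions made for this illustration.

```python
import re
import shlex

# Assumed audit threshold in bytes; the post only states that 12288 crashed
# and that shorter strings probably do too, so tune this locally.
MAX_SETENV_VALUE = 1024

SEGV_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[notice\] child pid (?P<pid>\d+) "
    r"exit signal Segmentation\s+fault \(11\)"  # \s+ tolerates wrapped lines
)
SETENV_RE = re.compile(r"^\s*SetEnv\s+(?P<rest>.+)$", re.IGNORECASE)


def find_segfaults(error_log_text):
    """Return (timestamp, pid) for each child segfault notice in an error log."""
    return [(m["ts"], int(m["pid"])) for m in SEGV_RE.finditer(error_log_text)]


def audit_htaccess(text, limit=MAX_SETENV_VALUE):
    """Return (line_no, variable, value_length) for SetEnv values over limit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = SETENV_RE.match(line)
        if not m:
            continue
        try:
            parts = shlex.split(m["rest"])
        except ValueError:  # unbalanced quote: fall back to a raw split
            parts = m["rest"].split(None, 1)
        if len(parts) >= 2 and len(parts[1].encode()) > limit:
            findings.append((line_no, parts[0], len(parts[1].encode())))
    return findings


# Constructed sample input, modelled on the lines quoted in the post.
SAMPLE_LOG = """\
[Sat Jun 22 20:59:32 2002] [notice] child pid 22311 exit signal Segmentation fault (11)
[Sat Jun 22 20:59:40 2002] [error] File does not exist: /var/www/htdocs/favicon.ico
[Sat Jun 22 20:59:51 2002] [notice] child pid 9935 exit signal Segmentation
fault (11)
"""
SAMPLE_HTACCESS = 'SetEnv LANG "C"\nSetEnv DATE_LOCALE "' + "*" * 12288 + '"\n'

if __name__ == "__main__":
    print(find_segfaults(SAMPLE_LOG))
    print(audit_htaccess(SAMPLE_HTACCESS))
```

Correlating the timestamps returned by the first function with the files flagged by the second narrows down which user-writable directory is responsible for the dying children.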