From: Alexander Yurchenko (grangert.mipt.ru)
Date: Sat Jun 22 2002 - 19:07:57 CDT

    On Sat, Jun 22, 2002 at 09:11:18PM +0200, Jedi/Sector One wrote:
    > While playing with the SetEnv directive with Apache, I noticed that httpd
    > processes are dying with a signal 11 if the data stored in an environment
    > variable was too long.

    Nice bug and easy to exploit. I've attached a piece of code which creates an
    .htaccess file. Requesting a directory containing this file causes all
    httpd daemons to die. Works on my OpenBSD 3.1-current.

    > --
    > __ /*- Frank DENIS (Jedi/Sector One) <j42-Networks.Com> -*\ __
    > \ '/ <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a> \' /
    > \/ <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a> \/

    -- 
       Alexander Yurchenko (aka grange)
    


    • text/plain attachment: htx.c