[3902] in bugtraq
false alarm: query cgi problem
daemon@ATHENA.MIT.EDU (Apropos of Nothing)
Thu Jan 9 22:32:25 1997
Date: Thu, 9 Jan 1997 20:26:38 -0500
Reply-To: Apropos of Nothing <apropos@sover.net>
From: Apropos of Nothing <apropos@sover.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
For anyone who cares, the buffer overflow in the query cgi is not
exploitable. This is because the exploit requires 21,000+ bytes, and the
maximum size for a URL is 1024 bytes. That is how it is defined in the RFC.
Anyway, consider yourselves lucky since that stops all attacks on query.c
based cgis. (phf, post-query, query, and maybe others have the same buffer
overflow problem).
Of course, it wouldn't hurt to make getword() et al. do bounds checking.
apropos of nothing
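The post closes by suggesting that getword() and the other query.c helpers should do bounds checking. The following is an added example, not code from the post or from the NCSA query.c sources: it places an illustrative unbounded word copy (written here in the style of such a helper, an assumption about its shape) next to a bounded replacement that takes the destination size, reports how many bytes were dropped, and lets the caller reject a request whose fields were cut. The field size WORDSZ, the function names, and the 30000-byte constructed input are all assumptions chosen for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define WORDSZ 256   /* fixed field size, an assumption standing in for the CGI's buffers */

/* Unbounded copy in the style of a query.c getword() (illustrative, not the
 * NCSA source): copies every byte up to the separator into a fixed-size
 * buffer with no length check. This is the defect class the post describes. */
static void getword_unchecked(char *word, const char *line, char stop)
{
    size_t x;
    for (x = 0; line[x] && line[x] != stop; x++)
        word[x] = line[x];           /* no check against the caller's buffer size */
    word[x] = '\0';
}

/* Bounded replacement. Copies at most cap-1 bytes, always NUL-terminates,
 * advances *line past the separator, and returns how many bytes were dropped
 * (0 means the whole word fit). */
static size_t getword_bounded(char *word, size_t cap, const char **line, char stop)
{
    const char *p = *line;
    size_t n = 0, dropped = 0;

    while (*p && *p != stop) {
        if (n + 1 < cap)
            word[n++] = *p;
        else
            dropped++;               /* count rather than silently overwrite */
        p++;
    }
    if (cap > 0)
        word[n] = '\0';
    if (*p == stop)
        p++;                         /* consume the separator */
    *line = p;
    return dropped;
}

/* Split "name=value&name=value" into fixed-size name/value slots using the
 * bounded helper. Returns the number of pairs parsed; *truncated is set to 1
 * if any field was cut, so the CGI can reject the request instead of
 * continuing with partial data. */
static int parse_query(const char *query, char names[][WORDSZ],
                       char values[][WORDSZ], int maxpairs, int *truncated)
{
    const char *p = query;
    int count = 0;

    *truncated = 0;
    while (*p && count < maxpairs) {
        if (getword_bounded(names[count], WORDSZ, &p, '='))
            *truncated = 1;
        if (getword_bounded(values[count], WORDSZ, &p, '&'))
            *truncated = 1;
        count++;
    }
    return count;
}

/* Constructed input: a query whose value field is 30000 bytes, far beyond both
 * WORDSZ and the 1024-byte URL limit the post cites. Returns the number of
 * dropped bytes the bounded helper reports for that field; the stored copy is
 * left NUL-terminated at cap-1 bytes. */
static size_t demo_oversized_value(char *stored, size_t cap)
{
    static char big[30000 + 8];      /* "name=" followed by 30000 'A's, constructed */
    size_t i;
    const char *p;

    memcpy(big, "name=", 5);
    for (i = 0; i < 30000; i++)
        big[5 + i] = 'A';
    big[5 + 30000] = '\0';

    p = big;
    getword_bounded(stored, cap, &p, '=');        /* "name" fits */
    return getword_bounded(stored, cap, &p, '&'); /* the oversized value is cut */
}

int main(void)
{
    char names[4][WORDSZ], values[4][WORDSZ], stored[WORDSZ];
    int truncated, n;
    size_t dropped;

    getword_unchecked(stored, "short=ok", '=');   /* safe only because the input is short */
    printf("unchecked copy: %s\n", stored);

    n = parse_query("user=alice&cmd=list", names, values, 4, &truncated);
    printf("%d pairs, truncated=%d, %s=%s\n", n, truncated, names[0], values[0]);

    dropped = demo_oversized_value(stored, sizeof stored);
    printf("dropped %zu bytes, stored length %zu\n", dropped, strlen(stored));
    return 0;
}
```

The design choice worth noting is that the bounded helper reports truncation instead of hiding it: a CGI that silently keeps the first 255 bytes of a field still processes data the client never sent in that form, so the caller should treat a non-zero return (or the `truncated` flag) as a reason to refuse the request.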