[3907] in bugtraq


Re: false alarm: query cgi problem

daemon@ATHENA.MIT.EDU (Zygo Blaxell)
Fri Jan 10 21:57:28 1997

Date: 	Fri, 10 Jan 1997 13:48:15 -0500
Reply-To: Zygo Blaxell <zblaxell@myrus.com>
From: Zygo Blaxell <zblaxell@myrus.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>

In article <5b4d8o$l37@xeno.myrus.com>,
Apropos of Nothing  <apropos@sover.net> wrote:
>For anyone who cares, the buffer overflow in the query cgi is not
>exploitable.  This is because the exploit requires 21,000+ bytes, and the
>maximum size for a URL is 1024 bytes. That is how it is defined in the RFC.

Ummm...*which* RFC?  I can't find such a limit in rfc1630, rfc1738,
or rfc1945 (URL, relative URL, and HTTP, respectively), although I'm not
trying very hard (grep for 'length', 'max', 'size', 'limit', and 'count').
Also, I was able to put about 8100 bytes of text into a URL with the
GET method using Netscape and Apache.  Apache broke first; Netscape will
happily send a 21001+ byte URL, while Apache truncates it after
(presumably) 8192 bytes or so.
--
Zygo Blaxell. Unix/soft/hardware/firewall/security guru. 10th place, ACM Intl
Prog Contest, 1995. Admin Linux+Solaris for food, Tshirts, anime. Pager: 1613
7608572. "I gave up $1000 to avoid working on windoze... *sigh*"-Amy Fong. "smb
is a microsoft toy, like a "child" protocol that never matured"-S Boisjoli.
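
The experiment described in the reply (push ever-longer URLs at a server and see where it stops accepting or starts truncating them) can be automated. The following is an added example, not a tool from the original post, Netscape or Apache: a raw-socket HTTP/1.0 probe that binary-searches for the longest path a server serves intact, plus a throwaway local server whose request-line limit is a configurable stand-in for the ~8192-byte cut-off observed above. The server's "truncate" mode mimics a server that silently keeps only the first N bytes of the request line; its "reject" mode answers with 414, the status HTTP/1.1 (RFC 2616) later assigned to over-long request URIs. The server echoes the length of the path it kept, so silent truncation is detected by comparing that echo with what was sent rather than by trusting a 200 status.

```python
"""Added example: probe a web server's real URL length limit.

The local test server, its limit and the echo-length convention are
assumptions made for this example; they stand in for the Apache/Netscape
behaviour reported in the post, not for any real server's code.
"""
import socket
import socketserver
import threading

# Hypothetical request-line limit, chosen to match the ~8192 bytes observed.
REQUEST_LINE_LIMIT = 8192


class LimitedHandler(socketserver.StreamRequestHandler):
    """Minimal HTTP/1.0 responder with a request-line limit.

    mode == "reject":   over-long request lines get a 414 reply.
    mode == "truncate": only the first `limit` bytes of the request line
                        are kept and parsed, with no error (silent truncation).
    A 200 reply carries the length of the path the server kept as its body.
    """
    limit = REQUEST_LINE_LIMIT
    mode = "reject"

    def handle(self):
        line = self.rfile.readline(self.limit + 1)
        too_long = len(line) > self.limit
        # Drain the rest of the request (remainder of a long line, headers,
        # blank line) so closing the socket does not reset the connection
        # before the client has read the reply.
        while True:
            rest = self.rfile.readline(65536)
            if not rest or rest in (b"\r\n", b"\n"):
                break
        if too_long and self.mode == "reject":
            self.wfile.write(b"HTTP/1.0 414 Request-URI Too Long\r\n\r\n")
            return
        if too_long:
            line = line[: self.limit]  # silent truncation: parse what survives
        parts = line.split(b" ")
        path = parts[1] if len(parts) > 1 else b""
        self.wfile.write(b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                         + b"%d" % len(path))


def start_server(mode="reject", limit=REQUEST_LINE_LIMIT):
    """Start the test server on 127.0.0.1 and an ephemeral port."""
    handler = type("Handler", (LimitedHandler,), {"mode": mode, "limit": limit})
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(host, port, path_len, timeout=5.0):
    """GET a path of exactly path_len bytes ("/" followed by 'a's) over
    HTTP/1.0 and return (status_code, echoed_path_length_or_None)."""
    path = b"/" + b"a" * (path_len - 1)
    request = (b"GET " + path + b" HTTP/1.0\r\n"
               b"Host: " + host.encode("ascii") + b"\r\n\r\n")
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while True:
            chunk = sock.recv(65536)
            if not chunk:
                break
            data += chunk
    head, _, body = data.partition(b"\r\n\r\n")
    status = int(head.split(b" ", 2)[1])
    echoed = int(body) if status == 200 and body.strip() else None
    return status, echoed


def find_max_url_length(host, port, lo=1, hi=65536):
    """Largest path length the server serves intact: status 200 and the
    echoed length equals what was sent.  Assumes lo is accepted and hi is
    not; the accept/fail boundary is monotone, so binary search finds it."""
    while hi - lo > 1:
        mid = (lo + hi) // 2
        status, echoed = probe(host, port, mid)
        if status == 200 and echoed == mid:
            lo = mid
        else:
            hi = mid
    return lo


if __name__ == "__main__":
    for mode in ("reject", "truncate"):
        srv = start_server(mode)
        port = srv.server_address[1]
        print(mode, "max intact path length:",
              find_max_url_length("127.0.0.1", port))
        srv.shutdown()
        srv.server_close()
```

Against a real server the `probe` call is the only part that applies; an echo of the path length is not available there, so instead request a path that differs only in its last bytes and check whether the server's reply (status, or which resource it served) changes with them. The two modes give different answers on purpose: with a 414-style limit the longest intact path is the limit minus the 15 bytes of `GET ` and ` HTTP/1.0\r\n`, while a server that silently cuts the line keeps a slightly longer path before the cut eats into it, and reports success the whole way, which is exactly why a status code alone does not tell you whether your 21,000 bytes arrived. On the RFC question itself, RFC 2616 (1999) states that HTTP places no a priori limit on URI length and only warns that older implementations may not handle more than 255 bytes.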
