[27997] in bugtraq

LibHTTPD Vulnerability and fix

daemon@ATHENA.MIT.EDU (David J. Hughes)
Tue Nov 26 03:36:11 2002

From: "David J. Hughes" <bambi@Hughes.com.au>
To: "bugtraq" <bugtraq@securityfocus.org>
Date: Mon, 25 Nov 2002 13:23:04 +1000
Message-ID: <MBEKKDFNOOOCNGBGIOMHMEMLHAAA.bambi@Hughes.com.au>


The SecuriTeam.com web site is running an article that is
attributed to "dong-h0un U" regarding a buffer overflow
vulnerability that exists in releases of LibHTTPD up to
and including the 1.2 release.  The article includes full
details of the vulnerability, a patch, and an exploit. See
http://www.securiteam.com/unixfocus/6H00I2060I.html for the
complete article.

Sadly, as vendors of the software package, we were not
informed of this problem by either the article's author
or the organisation providing the web site that is
carrying the article.  A recent email from a third party
has brought this to our attention.

To overcome the outlined vulnerability, and to rectify
a couple of other potential sources of buffer overflow
problems, the 1.3 release of LibHTTPD has been made
available.  It can be immediately downloaded from our
web site, www.Hughes.com.au



David Hughes
...

