[997] in bugtraq
Re: Vulnerability in NCSA HTTPD 1.3
daemon@ATHENA.MIT.EDU (Hannu Martikka)
Tue Feb 14 22:55:43 1995
Date: Wed, 15 Feb 1995 02:50:56 +0200 (EET)
From: Hannu Martikka <martikka@tele.nokia.fi>
To: "Paul 'Shag' Walmsley" <ccshag@cclabs.missouri.edu>
Cc: Thomas Lopatic <lopatic@dbs.informatik.uni-muenchen.de>, bugtraq@fc.net
In-Reply-To: <Pine.SGI.3.91.950214002710.12040A-100000@sgi2.phlab.missouri.edu>

On Tue, 14 Feb 1995, Paul 'Shag' Walmsley wrote:
> As Thomas implied, this particular problem can probably be fixed by
> changing line 161 of util.c from
>
> char tmp[MAX_STRING_LEN];
> to
> char tmp[HUGE_STRING_LEN];
>
> in NCSA's source. We're running with the HUGE_STRING_LEN tmp now with no
> (immediately apparent) bad side-effects (other than Thomas' hack not working
> any more ;)

There are other similar places. At least one in http_log.c (111).
At least you could overwrite that temp-variable easily, which caused core...
- Goodi
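
Added example, not part of the original message or of NCSA's source: the thread's point that enlarging `tmp` fixes one site while similar copies remain elsewhere, shown as a length check made before the copy so the outcome does not depend on the buffer's size. The helper name, the constant values and the sample paths are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed sizes for illustration; the message does not give the values. */
#define MAX_STRING_LEN  256
#define HUGE_STRING_LEN 8192

/* Hypothetical helper (not NCSA's code): replace the first `start` bytes of
 * `dest` with `src`, staging the result in a fixed-size temporary.
 * Returns 0 on success, -1 if the result would not fit; dest is then untouched. */
int subst_first_checked(char *dest, size_t dest_size, size_t start, const char *src)
{
    char tmp[MAX_STRING_LEN];
    size_t dest_len = strlen(dest), src_len = strlen(src);
    size_t tail_len, total;

    if (start > dest_len)
        return -1;
    tail_len = dest_len - start;
    total = src_len + tail_len;
    /* The check that matters: reject before copying, whatever size tmp has. */
    if (total >= sizeof(tmp) || total >= dest_size)
        return -1;

    memcpy(tmp, src, src_len);
    memcpy(tmp + src_len, dest + start, tail_len + 1);   /* includes NUL */
    memcpy(dest, tmp, total + 1);
    return 0;
}

/* Constructed input: a short path is rewritten in place. */
int demo_short_input(void)
{
    char path[HUGE_STRING_LEN] = "/~user/index.html";
    return subst_first_checked(path, sizeof(path), 6, "/home/user/public_html") == 0
        && strcmp(path, "/home/user/public_html/index.html") == 0;
}

/* Constructed input: 300 bytes exceeds the temporary and is refused intact. */
int demo_oversize_input(void)
{
    char path[HUGE_STRING_LEN];
    memset(path, 'A', 300);
    path[300] = '\0';
    return subst_first_checked(path, sizeof(path), 0, "x") == -1
        && strlen(path) == 300;
}

int main(void) { return (demo_short_input() && demo_oversize_input()) ? 0 : 1; }
```

Raising `tmp` to `HUGE_STRING_LEN` would move the rejection threshold in this helper but not change its behaviour, which is why the same check is worth applying at each copy site rather than resizing one buffer.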