[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SECURITY][CVE-2013-2765][ModSecurity] Remote Null Pointer Dereference

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [SECURITY][CVE-2013-2765][ModSecurity] Remote Null Pointer Dereference
From: yjaaidi@xxxxxxxxxxxxxx
Date: Tue, 28 May 2013 21:02:13 GMT

CVE Number: CVE-2013-2765 / ModSecurity Remote Null Pointer Dereference

When ModSecurity receives a request body with a size bigger than the
value set by the "SecRequestBodyInMemoryLimit" and with a
"Content-Type" that has no request body processor mapped to it,
ModSecurity will systematically crash on every call to
"forceRequestBodyVariable" (in phase 1).

In addition to the segfault that occurs here, ModSecurity will not
remove the temporary request body file and the temporary directory
(set by the "SecTmpDir" directive) will keep growing until saturation.

Details : http://www.shookalabs.com/#advisory-cve-2013-2765

Exploit : 
https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py

Solution : Upgrade to 2.7.4 https://www.modsecurity.org

Prev by Date: CORE-2013-0318 - TP-Link IP Cameras Multiple Vulnerabilities
Next by Date: [SECURITY] [DSA 2695-1] chromium-browser security update
Previous by thread: CORE-2013-0318 - TP-Link IP Cameras Multiple Vulnerabilities
Next by thread: [SECURITY] [DSA 2695-1] chromium-browser security update
Index(es):
- Date
- Thread