[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?

To: Larry Cashdollar <lwc@xxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?
From: André Malo <nd@xxxxxxxxx>
Date: Sat, 30 Oct 2004 21:58:50 +0200

* Larry Cashdollar <lwc@xxxxxxxxxxxx> wrote:

> Read the first post by Luiz.   This is only applicable if your running
> apache chrooted and htpasswd is part of that chrooted environment.

(1) I've read his post, I answered and my answer never appeared on FD.
(2) It's just FUD. Show me a concrete scenario, where a non-setuid htpasswd
breaks out of a correctly chrooted environment.

nd
-- 
Winnetous Erbe: <http://pub.perlig.de/books.html#apache2>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?
  - From: Larry Cashdollar

Prev by Date: [Full-Disclosure] bogofilter-SA-2004-01: RFC 2047 Denial-of-service in 0.17.4 <= bogofilter <= 0.92.7
Next by Date: Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com
Previous by thread: [Full-Disclosure] Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?
Next by thread: [Full-Disclosure] bogofilter-SA-2004-01: RFC 2047 Denial-of-service in 0.17.4 <= bogofilter <= 0.92.7
Index(es):
- Date
- Thread