Re: Buffer overrun in Apache 2.4.7-2.4.17

On Wed, Dec 16, 2015 at 12:26 AM, William A Rowe Jr <wrowe@xxxxxxxxxxxxx> wrote:
> On Tue, Dec 15, 2015 at 2:34 PM, Mike Pastore <mike@xxxxxxxxx> wrote:
>> Hi folks,
>>
>> I believe I've found a buffer overrun affecting (at least) Apache 2.4.7 and 2.4.17. I don't know enough about this sort of thing to determine how serious it is and whether or not it is a potential security vulnerability. If someone would please work with me to validate my findings and help me handle it responsibly, I would greatly appreciate it.
>
> The only maintained version is 2.4.x branch, which corresponds to 2.4.18
> right now, or 2.2.31.  Anything older that is no longer vulnerable we treat
> as non-sequitur, potentially a problem but not applicable to the shipping
> flavors.

Confirmed that the problem is still present in 2.4.18.

> We would love for you to reproduce and share at security@xxxxxxxxxxxxxxxx
> to confirm or reject the suggested exploit, and we do appreciate responsible
> disclosure.

I have a separate thread going with the security mailing list but I haven't heard from them in a while. I'll ping them again today.

Thank you!
