EvilZone

Hacking and Security => Hacking and Security => : chernabog August 22, 2011, 04:44:25 AM

: Need Help !! about rewrite instruction
: chernabog August 22, 2011, 04:44:25 AM

Hi .. could someone give a help or a link to a tuto to know more about:

"Apache mod_rewrite is prone to an off-by-one buffer-overflow condition. The vulnerability arising in the mod_rewrite module's ldap scheme handling allows for potential memory corruption when an attacker exploits certain rewrite rules."

Affected Apache versions:

• Apache 1.3.28 - 1.3.36 with mod_rewrite
• Apache 2.2.0 - 2.2.2 with mod_rewrite
• Apache 2.0.46 - 2.0.58 with mod_rewrite

TY Very much.
 

: Re: Need Help !! about rewrite instruction
: xor August 22, 2011, 09:55:41 AM

"Apache mod_rewrite is prone to an off-by-one buffer-overflow condition.


The vulnerability arising in the mod_rewrite module's ldap scheme handling allows for potential memory corruption when an attacker exploits certain rewrite rules.


An attacker may exploit this issue to trigger a denial-of-service condition. Reportedly, arbitrary code execution may be possible as well." -- http://www.securityfocus.com/bid/19204/discuss (http://www.securityfocus.com/bid/19204/discuss)


Here is the info about when it was discovered and which platforms are vulnerable:
http://www.securityfocus.com/bid/19204/info (http://www.securityfocus.com/bid/19204/info)


Here are a bunch of example exploits which take advantage of this vulnerability. I recommend studying how they have been written to further understand the vulnerability:
http://www.securityfocus.com/bid/19204/exploit (http://www.securityfocus.com/bid/19204/exploit)


-- xor

: Re: Need Help !! about rewrite instruction
: chernabog August 22, 2011, 08:00:38 PM

Thanx too much now i know in wich server this vuln is able to be exploited ... +1