Author Topic: Need Help !! about rewrite instruction (Read 1273 times)

chernabog · « **on:** August 22, 2011, 04:44:25 am »

Hi .. could someone give a help or a link to a tuto to know more about:

"Apache mod_rewrite is prone to an off-by-one buffer-overflow condition. The vulnerability arising in the mod_rewrite module's ldap scheme handling allows for potential memory corruption when an attacker exploits certain rewrite rules."

Affected Apache versions:

Apache 1.3.28 - 1.3.36 with mod_rewrite
Apache 2.2.0 - 2.2.2 with mod_rewrite
Apache 2.0.46 - 2.0.58 with mod_rewrite

TY Very much.

xor · « **Reply #1 on:** August 22, 2011, 09:55:41 am »

"Apache mod_rewrite is prone to an off-by-one buffer-overflow condition.

The vulnerability arising in the mod_rewrite module's ldap scheme handling allows for potential memory corruption when an attacker exploits certain rewrite rules.

An attacker may exploit this issue to trigger a denial-of-service condition. Reportedly, arbitrary code execution may be possible as well." -- http://www.securityfocus.com/bid/19204/discuss

Here is the info about when it was discovered and which platforms are vulnerable:
http://www.securityfocus.com/bid/19204/info

Here are a bunch of example exploits which take advantage of this vulnerability. I recommend studying how they have been written to further understand the vulnerability:
http://www.securityfocus.com/bid/19204/exploit

-- xor

chernabog · « **Reply #2 on:** August 22, 2011, 08:00:38 pm »

Thanx too much now i know in wich server this vuln is able to be exploited ... +1

EvilZone

News:

Author Topic: Need Help !! about rewrite instruction (Read 1273 times)

chernabog

Need Help !! about rewrite instruction

xor

Re: Need Help !! about rewrite instruction

chernabog

Re: Need Help !! about rewrite instruction