DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=29425>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=29425 apache reads out parts of hd or memory on format string exploit Summary: apache reads out parts of hd or memory on format string exploit Product: Apache httpd-2.0 Version: 2.0.49 Platform: PC URL: http://pan-data.dyndns.org OS/Version: Linux Status: NEW Severity: Normal Priority: Other Component: All AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] When apache is receiving a format string exploit (longer than 8190 bytes), it writes out the string plus some informations at the end of the log file. These additional informations are obviously gathered from hd or memory (???). access_log: ... ... ... ... x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90nt: Tuesday, June 01, 2004 7:41 AM\r\n> >> >> >Subject: New CCOUNT version 1.19 released.\r\n> >> >> >\r\n> >> >> >\r\n> >> >> >> Dear CCOUNT user,\r\n> >> >> >>\r\n> >> >> >> we're proud to announce a new CCOUNT\r\n> >version\r\n> >> >> >1.19.\r\n> >> >> >> This release contains some bugfixes and a\r\n> >few\r\n> >> >> >improvements.\r\n> >> >> >>\r\n> >> >> >> Please find the complete list of changes\r\n> >at\r\n> >> >> >>\r\n> >> >> >>\r\n> >> >>\r\n> >>\r\n> >>>http://pan-data.dyndns.org/ccount/inst/changelog.txt\r\n> >> >> >>\r\n> >> >> >> You can find some additional informations\r\n> >and\r\n> >> >> >the\r\n> >> >> >> downloads at\r\n> >> >> >>\r\n> >> >> >> http://pan-data.dyndns.org/ccount/\r\n> >> >> >>\r\n> >> >> >> If you want to unsubscribe from CCOUNT\r\n> >> >> >newsletter,\r\n> >> >> >> please reply this mail with subject\r\n> >> >> >\"ccount-unsubscribe\".\r\n> >> 
>> >>\r\n> >> >> >> Thanks for using CCOUNT,\r\n> >> >> >> The CCOUNT Team\r\n> >> >> >\r\n> >> >> >\r\n> >> >\r\n> >\r\n> >\r\n>\r\n" 414 250 - As you can see, it not only shows all these x90\x90\x90\..., but also some informations (starting with nt:Tuesday, June 01, 2004 7:41 AM\r\....). In this case, it's an email which has been send out on June, 01 2004. If this contains confidential informations, these are visible for others by just looking in the apache logs. Volker --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
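
A log check for the pattern the report describes, as an added example that is not part of the original bug report: it flags 414 entries in which a long run of one repeated escaped byte is followed by further text, and reports only the length of that trailing text so the scan result does not copy the logged data. It generalizes from \x90 to any repeated \xNN escape; the log layout, both thresholds and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed layout: the quoted request (embedded quotes escaped as \")
# followed by status and size, as in the excerpt's closing '" 414 250'.
LOG_RE = re.compile(r'"((?:[^"\\]|\\.)*)" (\d{3}) (\d+|-)')
MIN_RUN = 16   # assumed threshold: copies of one escaped byte that count as filler
MIN_TAIL = 20  # assumed threshold: ignore a few stray characters after the filler
RUN_RE = re.compile(r'(\\x[0-9a-fA-F]{2})\1{' + str(MIN_RUN - 1) + r',}')


def residual_tail(line):
    """Return the length of the text after the last filler run in a 414
    entry, or None if the line does not match the pattern."""
    m = LOG_RE.search(line)
    if m is None or m.group(2) != "414":
        return None
    request = m.group(1)
    runs = list(RUN_RE.finditer(request))
    if not runs:
        return None
    tail_len = len(request) - runs[-1].end()
    return tail_len if tail_len >= MIN_TAIL else None


def scan(lines):
    """Return (line_number, tail_length) for each flagged entry. Only the
    length is reported so the result does not copy the logged data."""
    hits = []
    for number, line in enumerate(lines, start=1):
        tail_len = residual_tail(line)
        if tail_len is not None:
            hits.append((number, tail_len))
    return hits


# Constructed sample input (not taken from a real log).
FILLER = r"\x90" * 40
RESIDUAL = r"nt: CONSTRUCTED RESIDUAL TEXT\r\n> second line\r\n"
SAMPLE = [
    '192.0.2.10 - - [01/Jun/2004:10:00:00 +0200] "GET /index.html HTTP/1.1" 200 1043',
    '192.0.2.11 - - [01/Jun/2004:10:00:05 +0200] "GET /' + FILLER + '" 414 250',
    '192.0.2.12 - - [01/Jun/2004:10:00:09 +0200] "GET /' + FILLER + RESIDUAL + '" 414 250',
]

if __name__ == "__main__":
    for number, tail_len in scan(SAMPLE):
        print(f"line {number}: 414 entry with {tail_len} characters after the filler")
```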
