Hi,
Does anyone know if the input to htsearch can be used in buffer overrun attacks?
We are running htdig on apache and in checking the access logs I noticed some
odd lines like this.
?config=htdig&restrict=&exclude=&method=boolean&format=builtin-long&words=+++++++++++++++++++++++++++++++ads+++++++++++++++++++++++++++++++++++++++++++++++++++and+%28archsci+or+archsci-www%29
Does this look normal, or is someone trying to force a buffer overrun through
either apache or htdig.
Version info
Solaris 2.5.1
apache 1.2.5
Htdig 3.0.8b2
Cheers
Jon
--
Jon Bagshaw | Phone +44 (1274) 233318
Computer Officer |
University of Bradford | [EMAIL PROTECTED]
----------------------------------------------------------------------
To unsubscribe from the htdig mailing list, send a message to
[EMAIL PROTECTED] containing the single word "unsubscribe" in
the body of the message.
