From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 11, 2001 3:17 AM
> I've found a in split-log. Unfortunately, I've added this to the "normal"
> bug tracker.
> Find the details below (or have a look at bug 7848)
As you provide an effective workaround (Thank You!), this isn't as nasty as
a bug report that requires coding, testing, and users patching the server
or downloading new binaries, so don't fret over it. I'm forwarding to the
new-httpd list for folks to contemplate.
Thanks for the report, and following up with a post to security@!
Bill
> Full text of PR number 7848:
> Received: (qmail 67618 invoked by uid 501); 11 Jun 2001 08:07:42 -0000
> Message-Id: <[EMAIL PROTECTED]>
> Date: 11 Jun 2001 08:07:42 -0000
> From: Daniel Matuschek <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: split-logfile can be used to write to any file
> X-Send-Pr-Version: 3.110
>
> >Number: 7848
> >Category: general
> >Synopsis: split-logfile can be used to write to any file
> >Confidential: no
> >Severity: serious
> >Priority: medium
> >Responsible: apache
> >State: open
> >Quarter:
> >Keywords:
> >Date-Required:
> >Class: sw-bug
> >Submitter-Id: apache
> >Arrival-Date: Mon Jun 11 01:10:00 PDT 2001
> >Closed-Date:
> >Last-Modified:
> >Originator: [EMAIL PROTECTED]
> >Release: 1.3.x
> >Organization:
> apache
> >Environment:
> any
> >Description:
> If you try to connect to a virtual host starting with a "/" this will result
> in an error BUT will add a line to the access file. If one uses
> split-logfiles to separate the logfile by host name, it is possible to
> append these log lines to any file in the filesystem that is writable by the
> user that is running split-logfile
> >How-To-Repeat:
> telnet somewhere 80
>
> GET / HTTP/1.0
> Host: /
> >Fix:
> add the line
> if ($vhost =~ /\//) { $vhost="access" }
> >Release-Note:
> >Audit-Trail:
> >Unformatted:
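The fix proposed in the report, shown in the context of a log-splitting loop. This is an added example, not the Apache split-logfile source and not code from either poster; the function name `log_name_for`, the stricter host-name allowlist, the scratch output directory and the sample log lines are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not the Apache split-logfile source.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Turn the first log field into a log file base name (hypothetical helper).
sub log_name_for {
    my ($vhost) = @_;
    $vhost = lc($vhost // '');
    # Check from the report: a "/" in the name falls back to "access".
    return 'access' if $vhost =~ /\//;
    # Assumption beyond the report: accept only plain host-name characters,
    # which also covers an empty token and "\".
    return 'access' unless $vhost =~ /^[a-z0-9][a-z0-9.-]*$/;
    return $vhost;
}

my $outdir = tempdir(CLEANUP => 1);    # scratch directory for the demo
my %fh;                                # one append handle per log name

# Constructed sample records: virtual-host token, then the log entry.
my @sample = (
    qq{WWW.Example.COM 192.0.2.10 - - [11/Jun/2001:08:07:42 +0000] "GET / HTTP/1.0" 200 1456\n},
    qq{/ 192.0.2.66 - - [11/Jun/2001:08:07:43 +0000] "GET / HTTP/1.0" 400 339\n},
    qq{ 192.0.2.20 - - [11/Jun/2001:08:07:44 +0000] "GET / HTTP/1.0" 200 1456\n},
);

for my $line (@sample) {
    # First whitespace-delimited token is the host; the rest is the record.
    my ($vhost, $rest) = split /\s+/, $line, 2;
    my $name = log_name_for($vhost);
    unless ($fh{$name}) {
        # The file name is built only from the validated name.
        open($fh{$name}, '>>', "$outdir/$name.log")
            or die "Can't open $outdir/$name.log: $!";
    }
    print { $fh{$name} } $rest // '';
    printf "%-18s -> %s.log\n", "'$vhost'", $name;
}
close $_ for values %fh;
```

Running the splitter under an account that can write only to the log output directory limits the effect of any host value the check misses.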