On Thu, 4 Sep 1997, Matt Conover wrote:
> Hello (sorry if this gets long or if it's known but I don't think it is):
>
> Well this is an obvious overflow in one of apache's modules; it is
> remote too.....however, luckily for the web admin's it's not installed
> by default. The problem is in mod_auth_anon.c in the function
> anon_authenticate_basic_user(). It contains the following lines:
The mod_auth_anon.c (Version 0.5 May 1996) in Apache 1.2.4 release has the
following code :
if (sec->auth_anon_logemail && r->prev == NULL && r->main == NULL) {
ap_snprintf(errstr, sizeof(errstr), "Anonymous: Passwd <%s> Accepted",
send_pw ? send_pw : "\'none\'");
[...]
} else {
if (sec->auth_anon_authoritative) {
ap_snprintf(errstr,sizeof(errstr),
"Anonymous: Authoritative, Passwd <%s> not accepted",
send_pw ? send_pw : "\'none\'");
I think it should not be vulnerable as it checks for the size of errstr.
So, upgrade the mod_auth_anon.c to version 0.5 or better to Apache v.
1.2.4.
Best regards,
Artur Pydo.