On Thu, May 11, 2006 at 11:46:21PM +0200, Stefan Fritsch wrote:
> severity 366682 important
> severity 366683 important
> thanks
>
> Hi,
>
> the Ubuntu guys already found out that Apache 2 doesn't accept
> requests with negative content length and I just checked that Apache
> 1.3 doesn't either. I guess this makes this a quite low impact
> vulnerability.

what if:

On Thu, May 11, 2006 at 05:46:16PM +0200, Martin Schulze wrote:
> Please note that upstream doesn't check for content length == INT_MAX

i don't have a nagios install online right now (can tomorrow morning) so
i can't run the PoC mentioned in the BTS (thanks stefan), i'd be
interested to see how it handles 2147483647 (or your arch's equivalent
of INT_MAX). if the code actually increments the size by one AFTER
receiving the data... then we should probably readjust the severities.

and by the way, i'm a bit annoyed that ubuntu managed to send off a USN
on this 4 days ago, and not even bother to think "hey, maybe we should
mention this to the debian guys".

sean