httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: BIG: WWW Form Bug Report: "Security vulnerability with errordocument in .htaccess" on Solaris 2.x (fwd)
Date Tue, 07 May 1996 19:46:59 GMT
Cliff Skolnick wrote:
> 
> 
> no ack sent...but this is a big one if it is real.

Hmm, yes. And it will almost certainly apply to 1.0.5. I imagine that other
related attacks may be possible, too. We must view every open() with extreme
cynicism. Perhaps we need a secure_open() function?

Cheers,

Ben.

> 
> --
> Cliff Skolnick                                      cliff@organic.com
> 
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759
> 
> ---------- Forwarded message ----------
> Date: Tue May 7 11:14:18 1996
> From: noel@camelcity.com
> To: cliff@organic.com
> Subject: WWW Form Bug Report: "Security vulnerability with errordocument in .htaccess"
on Solaris 2.x
> 
> Submitter: noel@camelcity.com
> Operating system: Solaris 2.x, version: 
> Version of Apache Used: 1.1b2
> Extra Modules used: 
> URL exhibiting problem: 
> 
> Symptoms:
> --
> 1. In .htaccess, define error document to be
> a document which should be protected by
> LIMIT directives elsewhere on the same server
> 
> 2. Create a document in your directory to cause
> the error
> 
> 3. Apache will return the protected document in
> response to the error.  CGI scripts work as
> well as document
> 
> This means that if .htaccess and errordoc is
> enables in my directory, I can read any files
> elsewhere in the same server.
> --
> 
> Backtrace:
> --
> 
> --
> 

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.

Mime
View raw message