Received: by taz.hyperreal.com (8.8.4/V2.0) id AAA11804;
 Fri, 24 Jan 1997 00:46:12 -0800 (PST)
Received: from scanner.worldgate.com by taz.hyperreal.com (8.8.4/V2.0) with
 ESMTP id AAA11796; Fri, 24 Jan 1997 00:46:09 -0800 (PST)
Received: from znep.com (uucp@localhost) by scanner.worldgate.com
 (8.7.5/8.7.3) with UUCP id BAA21880 for new-httpd@hyperreal.com;
 Fri, 24 Jan 1997 01:46:07 -0700 (MST)
Received: from localhost (marcs@localhost) by alive.ampr.ab.ca (8.7.5/8.7.3)
 with SMTP id BAA04662 for <new-httpd@hyperreal.com>;
 Fri, 24 Jan 1997 01:46:22 -0700 (MST)
Date: Fri, 24 Jan 1997 01:46:21 -0700 (MST)
From: Marc Slemko <marcs@znep.com>
X-Sender: marcs@alive.ampr.ab.ca
To: Apache Mailing List <new-httpd@hyperreal.com>
Subject: Re: Misleading directions
In-Reply-To: <Pine.GSO.3.95.970124002713.3883H-100000@eat.organic.com>
Message-ID: <Pine.BSF.3.95.970124014323.1581Q-100000@alive.ampr.ab.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

No, the cookie buffer overflow is the one that is arguably not a problem
in 1.2b4 because it is allocated on the heap, not the stack.  This means
you can't use the standard trick of overwriting the (saved) program
counter, etc. to gain control.  It doesn't necessarily mean it is
unexploitable, but it is generally far far harder.

The mod_dir problem is in 1.2b4.

On Fri, 24 Jan 1997, Brian Behlendorf wrote: 

> On Thu, 23 Jan 1997, Ben Laurie wrote:
> > The front page on www.apache.org suggests upgrading to a 1.2 beta to fix the
> > recent holes. Snag is 1.2b4 still allows the multiple slash hole...
> 
> I thought it was not a problem in 1.2b4?
> 
> 	Brian
> 
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS
>