httpd-dev mailing list archives

From Ranier Vilela <ran...@cultura.com.br>
Subject Possible security flaw! (Format BUG)
Date Sun, 31 Aug 2003 09:24:04 GMT
Hello All,
I tested the source code of httpd-2.0.47 with the tool pscan (format bug
scanner), and possible security flaws were found!
Please, can anybody check if this is a real security problem?

Thanks.

Ranier Vilela
RC Software Ltda.

------------------------------------------------------------------------------------------------------------------------------------------------

[root@desenvolvimento pscan]# ./pscan -vv -w -p wu-ftpd.pscan 
/usr/src/httpd-2.0.47/server/*.c
Scanning /usr/src/httpd-2.0.47/server/buildmark.c ...
Scanning /usr/src/httpd-2.0.47/server/config.c ...
/usr/src/httpd-2.0.47/server/config.c:434 FUNC printf format string with 
1 parameters: OK
/usr/src/httpd-2.0.47/server/config.c:1485 FUNC fprintf format string 
with 2 parameters: OK
/usr/src/httpd-2.0.47/server/config.c:1491 FUNC fprintf format string 
with 2 parameters: OK
/usr/src/httpd-2.0.47/server/config.c:1497 FUNC fprintf format string 
with 2 parameters: OK
/usr/src/httpd-2.0.47/server/config.c:1511 FUNC fprintf format string 
with 3 parameters: OK
/usr/src/httpd-2.0.47/server/config.c:1894 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1898 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1901 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1904 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1911 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1914 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1917 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1920 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1924 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1926 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1931 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1933 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1938 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1940 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1945 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1947 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1952 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1954 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1959 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1973 FUNC printf format string 
with 2 parameters: OK
/usr/src/httpd-2.0.47/server/config.c:1976 FUNC printf format string 
with 1 parameters: OK
/usr/src/httpd-2.0.47/server/config.c:1988 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1990 FUNC printf format string 
with 1 parameters: OK
Scanning /usr/src/httpd-2.0.47/server/connection.c ...
Scanning /usr/src/httpd-2.0.47/server/core.c ...
Scanning /usr/src/httpd-2.0.47/server/error_bucket.c ...
Scanning /usr/src/httpd-2.0.47/server/exports.c ...
Scanning /usr/src/httpd-2.0.47/server/gen_test_char.c ...
/usr/src/httpd-2.0.47/server/gen_test_char.c:83 FUNC printf format 
string with 5 parameters: OK
/usr/src/httpd-2.0.47/server/gen_test_char.c:105 FUNC printf Last 
argument is variable or reference: BAD
/usr/src/httpd-2.0.47/server/gen_test_char.c:150 FUNC printf format 
string with 2 parameters: OK
/usr/src/httpd-2.0.47/server/gen_test_char.c:153 FUNC printf Last 
argument is variable or reference: BAD
Scanning /usr/src/httpd-2.0.47/server/listen.c ...
Scanning /usr/src/httpd-2.0.47/server/log.c ...
/usr/src/httpd-2.0.47/server/log.c:559 FUNC syslog format string with 1 
parameters: OK
Scanning /usr/src/httpd-2.0.47/server/main.c ...
/usr/src/httpd-2.0.47/server/main.c:91 FUNC printf format string with 1 
parameters: OK
/usr/src/httpd-2.0.47/server/main.c:92 FUNC printf format string with 1 
parameters: OK
/usr/src/httpd-2.0.47/server/main.c:93 FUNC printf format string with 2 
parameters: OK
/usr/src/httpd-2.0.47/server/main.c:101 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:103 FUNC printf format string with 1 
parameters: OK
/usr/src/httpd-2.0.47/server/main.c:107 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:111 FUNC printf format string with 1 
parameters: OK
/usr/src/httpd-2.0.47/server/main.c:115 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:119 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:123 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:127 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:131 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:135 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:139 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:141 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:143 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:148 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:152 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:156 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:160 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:164 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:168 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:172 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:176 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:180 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:184 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:188 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:190 FUNC printf format string with 1 
parameters: OK
/usr/src/httpd-2.0.47/server/main.c:195 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:199 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:203 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:207 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:212 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:216 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:220 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:224 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:228 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:232 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:236 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:240 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:244 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/main.c:522 FUNC printf format string with 1 
parameters: OK
/usr/src/httpd-2.0.47/server/main.c:523 FUNC printf format string with 1 
parameters: OK
Scanning /usr/src/httpd-2.0.47/server/mpm_common.c ...
/usr/src/httpd-2.0.47/server/mpm_common.c:794 FUNC printf format string 
with 1 parameters: OK
/usr/src/httpd-2.0.47/server/mpm_common.c:801 FUNC printf format string 
with 1 parameters: OK
/usr/src/httpd-2.0.47/server/mpm_common.c:811 FUNC printf Last argument 
is variable or reference: BAD
/usr/src/httpd-2.0.47/server/mpm_common.c:821 FUNC printf Last argument 
is variable or reference: BAD
Scanning /usr/src/httpd-2.0.47/server/protocol.c ...
/usr/src/httpd-2.0.47/server/protocol.c:689 FUNC sscanf format string 
with 3 parameters: OK
Scanning /usr/src/httpd-2.0.47/server/provider.c ...
Scanning /usr/src/httpd-2.0.47/server/request.c ...
Scanning /usr/src/httpd-2.0.47/server/rfc1413.c ...
/usr/src/httpd-2.0.47/server/rfc1413.c:253 FUNC sscanf format string 
with 3 parameters: OK
Scanning /usr/src/httpd-2.0.47/server/scoreboard.c ...
Scanning /usr/src/httpd-2.0.47/server/util.c ...
Scanning /usr/src/httpd-2.0.47/server/util_cfgtree.c ...
Scanning /usr/src/httpd-2.0.47/server/util_charset.c ...
Scanning /usr/src/httpd-2.0.47/server/util_debug.c ...
Scanning /usr/src/httpd-2.0.47/server/util_ebcdic.c ...
Scanning /usr/src/httpd-2.0.47/server/util_filter.c ...
Scanning /usr/src/httpd-2.0.47/server/util_md5.c ...
Scanning /usr/src/httpd-2.0.47/server/util_script.c ...
Scanning /usr/src/httpd-2.0.47/server/util_time.c ...
Scanning /usr/src/httpd-2.0.47/server/util_xml.c ...
Scanning /usr/src/httpd-2.0.47/server/vhost.c ...
Warnings: 0
Total problems identified: 59
[root@desenvolvimento pscan]#
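
A triage helper for output like the above, added here as an example (it is not part of the original message and not part of pscan): it re-joins the findings the mail client wrapped, tallies the BAD verdicts per source file, and returns the reported total so the two can be compared. The function names are hypothetical, and the sample is a shortened excerpt of the output above with its total line adjusted to match.

```python
import re
from collections import Counter

# Constructed sample: shortened excerpt of the scan above, e-mail wrapping kept.
SAMPLE = """\
Scanning /usr/src/httpd-2.0.47/server/config.c ...
/usr/src/httpd-2.0.47/server/config.c:434 FUNC printf format string with 
1 parameters: OK
/usr/src/httpd-2.0.47/server/config.c:1894 FUNC printf Last argument is 
variable or reference: BAD
/usr/src/httpd-2.0.47/server/config.c:1898 FUNC printf Last argument is 
variable or reference: BAD
Scanning /usr/src/httpd-2.0.47/server/mpm_common.c ...
/usr/src/httpd-2.0.47/server/mpm_common.c:811 FUNC printf Last argument 
is variable or reference: BAD
Warnings: 0
Total problems identified: 3
"""

FINDING = re.compile(
    r"^(?P<path>\S+):(?P<line>\d+) FUNC (?P<func>\w+) .*: (?P<verdict>OK|BAD)$")
TOTAL = re.compile(r"^Total problems identified: (\d+)$")

def unwrap(text):
    """Yield logical lines; a finding runs until it ends in ': OK' or ': BAD'."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if pending:
            pending += " " + line          # continuation of a wrapped finding
        elif re.match(r"^\S+:\d+ FUNC ", line):
            pending = line                 # start of a finding
        else:
            yield line                     # "Scanning ...", totals, prompts
            continue
        if pending.endswith((": OK", ": BAD")):
            yield pending
            pending = ""

def triage(text):
    """Return (Counter of BAD findings per file name, reported total or None)."""
    bad, total = Counter(), None
    for line in unwrap(text):
        m = FINDING.match(line)
        if m and m["verdict"] == "BAD":
            bad[m["path"].rsplit("/", 1)[-1]] += 1
        elif (t := TOTAL.match(line)):
            total = int(t.group(1))
    return bad, total
```

A BAD verdict only says the last argument of the call is a variable or reference, so each flagged line still needs a manual check of where that argument comes from.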

