httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pascal Junod (Mailing Lists)" <mailingli...@junod.info>
Subject [mod_auth_digest] zombie code
Date Tue, 26 Mar 2013 06:56:16 GMT
Dear Apache developpers,

You might want to clean a bit the code of

modules/aaa/mod_auth_digest.c

This blog post

http://crypto.junod.info/2013/03/25/awakening-zombie-code-in-apache-httpd/

explains why and how.

Essentially, it is possible to make httpd crash by awakening code
related to the MD5-sess digest authentication mechanism variant.

Latest versions 2.4.4 and 2.2.24 are vulnerable to this bug.

A+

Pascal

Mime
View raw message