Date: Wed, 29 Oct 2003 13:50:37 -0500 (Est)
From: Joshua Slive
To: users@httpd.apache.org
Subject: Re: [users@httpd] apache vulnerability

On Wed, 29 Oct 2003, Asif Iqbal wrote:

> Hi All
>
> According to this url
>
> http://www.secunia.com/advisories/10096
>
> mod_alias and mod_rewrite have possible buffer overflow vulnerabilities "if they
> are configured with a regular expression with more than 9 captures".
> Exploitation requires a specially crafted .htaccess file
>
> How would I know if I am using 9 captures or not? Sorry for a newbie question

A "capture" in a regular expression is something between parentheses, as in
(.*) or ([a-z]+). I'm sure there are VERY few people using more than 9
captures.

Joshua.
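The question in the thread, whether a configuration uses more than 9 captures, can be checked mechanically. The following Python scan is an added example, not part of the original message and not Apache project code: it counts capturing groups in the regex argument of mod_alias and mod_rewrite directives and reports those above 9. The directive list, the PCRE-style group syntax it recognises and the sample rules are assumptions of this example.

```python
import re
import sys

# Which argument (0-based, after the directive name) holds the regex.
REGEX_ARG = {"rewriterule": 0, "rewritecond": 1, "aliasmatch": 0,
             "scriptaliasmatch": 0, "redirectmatch": 0}
REDIRECT_STATUS = {"permanent", "temp", "seeother", "gone"}
TOKEN = re.compile(r'"((?:\\.|[^"\\])*)"|(\S+)')   # quoted or bare argument
# "(" that opens a capture: plain "(" or a named group, but not (?:, (?=, (?<= ...
CAPTURE = re.compile(r"\((?!\?)|\(\?(?:P<|'|<(?![=!]))")

def count_captures(pattern):
    """Count capturing groups, ignoring escaped parens and parens in [...]."""
    pattern = re.sub(r"\\.", "", pattern)                  # drop \( \) \[ ...
    pattern = re.sub(r"\[\^?\]?[^\]]*\]", "", pattern)     # drop character classes
    return len(CAPTURE.findall(pattern))

def scan(text, limit=9):
    """Return (line_no, directive, captures) for regexes exceeding `limit`."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        args = [quoted or bare for quoted, bare in TOKEN.findall(line)]
        if not args or args[0].lower() not in REGEX_ARG:
            continue                                       # comment or other directive
        name, args = args[0].lower(), args[1:]
        pos = REGEX_ARG[name]
        # RedirectMatch takes an optional status before the regex.
        if name == "redirectmatch" and args and (
                args[0].lower() in REDIRECT_STATUS or args[0].isdigit()):
            pos = 1
        if pos < len(args):
            n = count_captures(args[pos])
            if n > limit:
                hits.append((line_no, name, n))
    return hits

# Constructed sample rules; not taken from any real site.
SAMPLE = r"""RewriteEngine On
RewriteRule ^/(a)(b)(c)(d)(e)(f)(g)(h)(i)(j)$ /x/$1 [L]
RewriteRule ^/([0-9]+)/(?:en|fr)/([a-z()]+)\(v\)$ /p.php?id=$1 [L]
RedirectMatch permanent ^/((o)(l)(d))/((.)(.)(.)(.)(.))/(.*)$ http://www.example.com/$1
RewriteCond %{HTTP_HOST} ^(www\.)?example\.com$
"""

if __name__ == "__main__":
    for path in sys.argv[1:] or [None]:
        text = open(path, errors="replace").read() if path else SAMPLE
        for line_no, name, n in scan(text):
            print(f"{path or 'SAMPLE'}:{line_no}: {name} has {n} captures")
```

Run it with the paths of .htaccess or server configuration files as arguments; with no arguments it scans the constructed sample. Line continuations and included files are not followed.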