exploits , vulnerabilities , articles , Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability

Title	Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
Published	2004-06-10-12:00AM
Updated	2005-01-29-05:25PM
Class	Boundary Condition Error
CVE	CAN-2004-0492
Remote	Yes
Local	No
Credit	Discovery is credited to Georgi Guninski.
Vulnerable	Trustix Secure Linux 1.5 Sun Solaris 9.0 _x86 Sun Solaris 9.0 Sun Solaris 8.0 _x86 Sun Solaris 8.0 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 SGI ProPack 2.4 RedHat Linux 7.3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux AS 2.1 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 OpenBSD OpenBSD 3.5 OpenBSD OpenBSD 3.4 OpenBSD OpenBSD current IBM HTTP Server 1.3.28 IBM HTTP Server 1.3.26 .2 IBM HTTP Server 1.3.26 .1 IBM HTTP Server 1.3.26 HP Webproxy 2.1 HP HPUX 11.0 4 HP Webproxy 2.0 HP HPUX 11.0 4 HP Webproxy A.02.10 HP HPUX B.11.04 HP Webproxy A.02.00 HP HPUX B.11.04 HP VirtualVault 11.0.4 HP VirtualVault A.04.70 HP HPUX B.11.04 HP VirtualVault A.04.60 HP HPUX B.11.04 HP VirtualVault A.04.50 HP HPUX B.11.04 HP HPUX (VVOS) 11.0 4 HP HPUX 11.22 HP HPUX 11.20 HP HPUX 11.11 HP HPUX 11.0 HP HPUX B.11.22 HP HPUX B.11.11 HP HPUX B.11.00 Apache Software Foundation Apache 1.3.32 Gentoo Linux Gentoo Linux 1.4 Apache Software Foundation Apache 1.3.31 OpenPKG OpenPKG Current Apache Software Foundation Apache 1.3.29 Apple Mac OS X 10.2.7 Apple Mac OS X 10.3.5 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.3.5 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Linux Mandrake 10.0 amd64 OpenPKG OpenPKG 2.0 Apache Software Foundation Apache 1.3.28 Conectiva Linux 8.0 MandrakeSoft Linux Mandrake 9.2 MandrakeSoft Linux Mandrake 9.2 amd64 OpenBSD OpenBSD 3.4 OpenPKG OpenPKG 1.3 Apache Software Foundation Apache 1.3.27 HP HPUX (VVOS) 11.0 4 HP VirtualVault 4.5 HP VirtualVault 4.6 HP Webproxy 2.0 Immunix Immunix OS 7 MandrakeSoft Linux Mandrake 9.1 MandrakeSoft Linux Mandrake 9.1 ppc OpenBSD OpenBSD 3.3 OpenPKG OpenPKG Current RedHat Enterprise Linux AS 2.1 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux WS 2.1 IA64 RedHat Linux Advanced Work Station 2.1 SGI IRIX 6.5.19 Apache Software Foundation Apache 1.3.26 Conectiva Linux 6.0 Conectiva Linux 7.0 Conectiva Linux 8.0 Debian Linux 3.0 alpha Debian Linux 3.0 arm Debian Linux 3.0 hppa Debian Linux 3.0 ia32 Debian Linux 3.0 ia64 Debian Linux 3.0 m68k Debian Linux 3.0 mips Debian Linux 3.0 mipsel Debian Linux 3.0 ppc Debian Linux 3.0 s/390 Debian Linux 3.0 sparc MandrakeSoft Corporate Server 2.1 MandrakeSoft Corporate Server 2.1 x86_64 MandrakeSoft Linux Mandrake 9.0 OpenPKG OpenPKG 1.1 Trustix Secure Linux 1.1 Trustix Secure Linux 1.2 Trustix Secure Linux 1.5
Not Vulnerable	IBM HTTP Server 2.0.47 IBM HTTP Server 2.0.42 .2 IBM HTTP Server 2.0.42 IBM HTTP Server 1.3.19 .5 IBM HTTP Server 1.3.19 .4 IBM HTTP Server 1.3.19 .3 IBM HTTP Server 1.3.19 .2 IBM HTTP Server 1.3.19 .1 IBM HTTP Server 1.3.19 - HP HP-UX 11.0 - IBM AIX 4.3.3 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP6a - RedHat Linux 7.1 - S.u.S.E. Linux 7.1 - Sun Solaris 2.6 - Sun Solaris 7.0 Apache Software Foundation Apache 1.3.33 Apple Mac OS X 10.2.8 Apple Mac OS X 10.3.6 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.3.6 Debian Linux 3.1 Debian Linux 3.1 alpha Debian Linux 3.1 amd64 Debian Linux 3.1 arm Debian Linux 3.1 hppa Debian Linux 3.1 ia-32 Debian Linux 3.1 ia-64 Debian Linux 3.1 m68k Debian Linux 3.1 mips Debian Linux 3.1 mipsel Debian Linux 3.1 ppc Debian Linux 3.1 s/390 Debian Linux 3.1 sparc
Code	A denial of service proof-of-concept script has been published at the following location: http://www.guninski.com/modproxy1.html
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-12-03 Adobe Acrobat 9 Unspecified PDF Document Encryption Weakness
• 2008-12-03 Ocean12 Mailing List Manager Gold SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-12-03 IBM Rational ClearQuest Maintenance Tool Local Information Disclosure Vulnerability
• 2008-12-03 VMware Products Unspecified Host Memory Corruption Vulnerability
• 2008-12-03 IBM Rational ClearQuest Web Multiple Unspecified Cross Site Scripting Vulnerabilities
• 2008-12-02 RakhiSoftware Shopping Cart Multiple Remote Vulnerabilities
• 2008-12-02 Softbiz Classifieds Script Multiple Cross Site Scripting Vulnerabilities
• 2008-12-02 CodeToad ASP Shopping Cart Script Cross Site Scripting Vulnerability
• 2008-12-02 xrdp Multiple Buffer Overflow Vulnerabilities
• 2008-12-02 FFmpeg Multiple Denial of Service Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Thu, 04 Dec 2008 16:28:31 +0000