uranium
01-14-2004, 09:22 PM
When processing requests coded with the 'Chunked Encoding' mechanism, Apache fails to properly calculate required buffer sizes. This is believed to be due to improper (signed) interpretation of an unsigned integer value. Consequently, several conditions may occur that have security implications. It has been reported that a buffer overrun and signal race condition occur. Exploitation of these conditions may result in the execution of arbitrary code.
**Update**: It has been reported that there is at least one worm exploiting this vulnerability to propagate "in-the-wild". The worm targets FreeBSD 4.5 systems running Apache 1.3.22-24 and 1.3.20. Other versions may also be affected.
Two Exploits Compiled To Binary
1: Apache-nosejob.exe
2:Apache-scalp.exe
Extract This .Rar File & Enjoy!
**Update**: It has been reported that there is at least one worm exploiting this vulnerability to propagate "in-the-wild". The worm targets FreeBSD 4.5 systems running Apache 1.3.22-24 and 1.3.20. Other versions may also be affected.
Two Exploits Compiled To Binary
1: Apache-nosejob.exe
2:Apache-scalp.exe
Extract This .Rar File & Enjoy!