'[Full-Disclosure] Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-Disclosure] Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed
From:       André Malo <nd () perlig ! de>
Date:       2004-10-30 19:58:50
Message-ID: 20041030215850.0f08492f () parker
[Download RAW message or body]

* Larry Cashdollar <lwc@vapid.ath.cx> wrote:

> Read the first post by Luiz.   This is only applicable if your running
> apache chrooted and htpasswd is part of that chrooted environment.

(1) I've read his post, I answered and my answer never appeared on FD.
(2) It's just FUD. Show me a concrete scenario, where a non-setuid htpasswd
breaks out of a correctly chrooted environment.

nd
-- 
Winnetous Erbe: <http://pub.perlig.de/books.html#apache2>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic