exploits , vulnerabilities , articles , Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability

Title	Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
Published	2004-09-15-12:00AM
Updated	2004-12-03-03:42PM
Class	Boundary Condition Error
CVE	CAN-2004-0747
Remote	No
Local	Yes
Credit	This vulnerability was discovered by Ulf Harnhammar.
Vulnerable	Turbolinux Turbolinux Desktop 10.0 Trustix Secure Linux 2.1 Trustix Secure Linux 2.0 Trustix Secure Enterprise Linux 2.0 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux AS 3 RedHat Desktop 3.0 MandrakeSoft Linux Mandrake 10.0 amd64 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Linux Mandrake 9.2 amd64 MandrakeSoft Linux Mandrake 9.2 IBM HTTP Server 2.0.47 .1 IBM HTTP Server 2.0.47 IBM HTTP Server 2.0.42 .2 HP Tru64 UNIX Compaq Secure Web Server 6.3 HP Tru64 UNIX Compaq Secure Web Server 5.9.2 HP Tru64 UNIX Compaq Secure Web Server 5.9.1 HP Tru64 UNIX Compaq Secure Web Server 5.8.2 HP Tru64 UNIX Compaq Secure Web Server 5.8.1 HP Tru64 UNIX Compaq Secure Web Server 5.1 A HP Tru64 UNIX Compaq Secure Web Server 5.1 HP Tru64 UNIX Compaq Secure Web Server 5.0 A HP Tru64 UNIX Compaq Secure Web Server 4.0 G HP Tru64 UNIX Compaq Secure Web Server 4.0 F HP OpenVMS Secure Web Server 7.3 2 HP OpenVMS Secure Web Server 7.3 1 HP OpenVMS Secure Web Server 7.3 HP OpenVMS Secure Web Server 7.2 2 HP HPUX B.11.23 HP HPUX B.11.22 HP HPUX B.11.11 HP HPUX B.11.00 HP Compaq Secure Web Server for OpenVMS 2.0 PHP HP Compaq Secure Web Server for OpenVMS 2.0 HP Compaq Secure Web Server for OpenVMS 1.3 HP Compaq Secure Web Server for OpenVMS 1.2 Gentoo Linux 1.4 Conectiva Linux 10.0 Conectiva Linux 9.0 Apache Software Foundation Apache 2.0.50 MandrakeSoft Linux Mandrake 10.1 MandrakeSoft Linux Mandrake 10.1 x86_64 Apache Software Foundation Apache 2.0.49 S.u.S.E. Linux Personal 9.1 Trustix Secure Linux 2.0 Trustix Secure Linux 2.1 Apache Software Foundation Apache 2.0.48 MandrakeSoft Linux Mandrake 10.0 MandrakeSoft Linux Mandrake 10.0 amd64 S.u.S.E. Linux 8.1 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 9.0 x86_64 Trustix Secure Linux 2.0 Trustix Secure Linux 2.1 Apache Software Foundation Apache 2.0.47 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.5 MandrakeSoft Linux Mandrake 9.1 MandrakeSoft Linux Mandrake 9.1 ppc MandrakeSoft Linux Mandrake 9.2 MandrakeSoft Linux Mandrake 9.2 amd64 Apache Software Foundation Apache 2.0.46 RedHat Desktop 3.0 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux WS 3 Trustix Secure Linux 2.0 Apache Software Foundation Apache 2.0.45 Apple Mac OS X 10.0 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.4 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.5 Apple Mac OS X 10.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.6 Conectiva Linux 9.0 Apache Software Foundation Apache 2.0.44 Apache Software Foundation Apache 2.0.43 Apache Software Foundation Apache 2.0.42 Gentoo Linux 1.2 Gentoo Linux 1.4 _rc1 Apache Software Foundation Apache 2.0.41 Apache Software Foundation Apache 2.0.40 RedHat Linux 8.0 RedHat Linux 9.0 i386 Terra Soft Solutions Yellow Dog Linux 3.0 Apache Software Foundation Apache 2.0.39 Apache Software Foundation Apache 2.0.38 Apache Software Foundation Apache 2.0.37 Apache Software Foundation Apache 2.0.36 Apache Software Foundation Apache 2.0.35 Apache Software Foundation Apache 2.0.32 Apache Software Foundation Apache 2.0.28 Apache Software Foundation Apache 2.0
Not Vulnerable	HP Tru64 UNIX Compaq Secure Web Server 6.3.2 a Apache Software Foundation Apache 2.0.51 RedHat Fedora Core1
Code	Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: content@securitydot.net <mailto:content@securitydot.net>.
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-11 Symantec Veritas VRTSweb Incoming Data Remote Code Execution Vulnerability
• 2009-12-11 HP OpenView Network Node Manager Perl CGI Executables Remote Code Execution Vulnerability
• 2009-12-11 HP OpenView Network Node Manager Unspecified Stack Buffer Overflow Vulnerability
• 2009-12-11 Joomla! JS Jobs Component Multiple SQL Injection Vulnerabilities
• 2009-12-11 RT Session Fixation Vulnerability
• 2009-12-11 Multiple HP LaserJet Printers Unauthorized Access and Denial of Service Vulnerability
• 2009-12-11 Sun Ray Server Authentication Manager Remote Code Execution Vulnerability
• 2009-12-10 GNU Coreutils Insecure Temporary File Creation Vulnerability
• 2009-12-10 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
• 2009-12-10 Moodle Multiple Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sat, 12 Dec 2009 09:36:31 +0000