FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache -- ap_resolve_env buffer overflow

Affected packages
2.0 <= apache < 2.0.50_3

Details

VuXML ID 4d49f4ba-071f-11d9-b45d-000c41e2cdad
Discovery 2004-09-15
Entry 2004-09-15

SITIC discovered a vulnerability in Apache 2's handling of environmental variable settings in the httpd configuration files (the main `httpd.conf' and `.htaccess' files). According to a SITIC advisory:

The buffer overflow occurs when expanding ${ENVVAR} constructs in .htaccess or httpd.conf files. The function ap_resolve_env() in server/util.c copies data from environment variables to the character array tmp with strcat(3), leading to a buffer overflow.

References

CVE Name CVE-2004-0747
Message http://lists.netsys.com/pipermail/full-disclosure/2004-September/026463.html