FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0940

This CVE name corresponds to:

Entered     Topic
2004-11-06  apache mod_include buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2004-0940
Phase  Assigned (20041012)

Description

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

References

Source    Reference
CONFIRM   http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
DEBIAN    DSA-594
MANDRAKE  MDKSA-2004:134
REDHAT    RHSA-2004:600
OPENPKG   OpenPKG-SA-2004.047
CONFIRM   http://www.apacheweek.com/features/security-13
REDHAT    RHSA-2005:816
SUNALERT  102197
BID       11471
VUPEN     ADV-2006-0789
SECTRACK  1011783
SECUNIA   12898
SECUNIA   19073
XF        apache-modinclude-bo(17785)