mod_cplusplus For Apache HTTP Server Unspecified Overflow

2004-09-16T23:47:05
ID OSVDB:10049
Type osvdb
Reporter OSVDB
Modified 2004-09-16T23:47:05

Description

Vulnerability Description

The mod_cplusplus module for Apache has been reported to contain an overflow. The report is based on the vendor site, where the update lists "Use length based string building to defend against buffer overruns" as one of the new features. Further examination determined that the buffer used to convert an integer to a string is large enough for the maximum integer length on 32-bit and 64-bit platforms. The overflow would only be exploitable on a 256-bit processor.
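The sizing argument above, as an added example that is not mod_cplusplus code: it computes the worst-case decimal length of a signed integer by bit width and performs a length-based conversion that reports truncation instead of overrunning. The function names and the 64-byte buffer size are assumptions chosen for illustration; the record does not state the module's actual buffer size.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Worst-case bytes (sign + digits + NUL) to print a signed integer of
 * `bits` width in decimal. A signed type has bits-1 value bits and each
 * bit adds log10(2) ~= 0.30103 digits; the rounded-up constant can only
 * overestimate, which is the safe direction. */
static size_t dec_buf_needed(unsigned bits)
{
    size_t digits = ((size_t)(bits - 1) * 30103u) / 100000u + 1;
    return 1 /* '-' */ + digits + 1 /* NUL */;
}

/* Widest power-of-two integer width whose worst case fits in `cap` bytes. */
static unsigned widest_safe_bits(size_t cap)
{
    unsigned best = 0;
    for (unsigned b = 8; b <= 1024; b *= 2)
        if (dec_buf_needed(b) <= cap)
            best = b;
    return best;
}

/* Length-based conversion: returns characters written, or -1 if `cap` is
 * too small. snprintf never writes past dst[cap-1]. */
static int int_to_str(char *dst, size_t cap, long long v)
{
    int n = snprintf(dst, cap, "%lld", v);
    if (n < 0 || (size_t)n >= cap) {
        if (cap)
            dst[0] = '\0';   /* leave no truncated number behind */
        return -1;
    }
    return n;
}

int main(void)
{
    char buf[64];            /* assumed size, not taken from the module */
    unsigned widths[] = { 32, 64, 128, 256 };
    for (size_t i = 0; i < sizeof widths / sizeof widths[0]; i++)
        printf("%3u-bit needs %zu bytes\n", widths[i], dec_buf_needed(widths[i]));
    printf("%zu-byte buffer is safe up to %u-bit integers\n",
           sizeof buf, widest_safe_bits(sizeof buf));
    if (int_to_str(buf, sizeof buf, LLONG_MIN) > 0)
        printf("LLONG_MIN -> %s\n", buf);
    return 0;
}
```

With the assumed 64-byte buffer, every width through 128 bits fits and the first width that does not is 256 bits, which is the shape of the conclusion the record reaches.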

Solution Description

The reported vulnerability is incorrect. No solution is required.

References:

Vendor URL: http://modcplusplus.sourceforge.net/
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=266645
Security Tracker: 1011238
Other Advisory URL: http://www.securitylab.ru/47958.html