Apache Tcl mod_tcl set_var Function Remote Format String

2006-10-13T06:04:03
ID OSVDB:29536
Type osvdb
Reporter Sparfell()
Modified 2006-10-13T06:04:03

Description

Vulnerability Description

A remote format string vulnerability exists in mod_tcl for the Apache HTTP server. There are format string errors in tcl_cmds.c and tcl_core.c when calling the "set_var()" with user supplied input. With a specially crafted request, an attacker can cause the execution of arbitrary code.

Technical Description

An attacker must know the location of a tcl script that is configured to use the vulnerable module in order to exploit this vulnerability.

Solution Description

Upgrade to version 1.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote format string vulnerability exists in mod_tcl for the Apache HTTP server. There are format string errors in tcl_cmds.c and tcl_core.c when calling the "set_var()" with user supplied input. With a specially crafted request, an attacker can cause the execution of arbitrary code.

References:

Vendor URL: http://tcl.apache.org/ Secunia Advisory ID:22458 Secunia Advisory ID:22549 Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=421 Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200610-12.xml Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0225.html ISS X-Force ID: 29550 FrSIRT Advisory: ADV-2006-4033 CVE-2006-4154 Bugtraq ID: 20527