There is a buffer overflow vulnerability in ap_resolve_env() function of Apache that could allow a local user to gain elevated privileges.
The Apache HTTP Server is a freely available web server that runs on a variety of operating systems including Unix, Linux, and Microsoft Windows. The ap_resolve_env() function is responsible for expanding environment variables when parsing configurations files such as .htaccess or httpd.conf. There is a vulnerability in this function that could allow a local user to trigger a buffer overflow.
The Apache Software Foundation notes that in order to exploit this vulnerability, a local user would need to install the malicious configuration file on the server and force the server to parse this file.
A local user with the ability to force a vulnerable to server to parse a malicious configuration file could gain elevated privileges.
Upgrade or Apply Patch
This vulnerability was reported by the Swedish IT Incident Centre within the National Post and Telecom Agency (SITIC).
|Date First Published:||2004-09-17|
|Date Last Updated:||2004-09-17 20:09 UTC|