Debian Security Advisory
- DSA 525-1 New apache packages fix buffer overflow in mod_proxy
Package : apache Vulnerability : buffer overflow Problem-Type : remote Debian-specific: no CVE Ids : CAN-2004-0492 Georgi Guninski discovered a buffer overflow bug in Apache's mod_proxy module, whereby a remote user could potentially cause arbitrary code to be executed with the privileges of an Apache httpd child process (by default, user www-data). Note that this bug is only exploitable if the mod_proxy module is in use. Note that this bug exists in a module in the apache-common package, shared by apache, apache-ssl and apache-perl, so this update is sufficient to correct the bug for all three builds of Apache httpd. However, on systems using apache-ssl or apache-perl, httpd will not automatically be restarted. For the current stable distribution (woody), this problem has been fixed in version 1.3.26-0woody5. For the unstable distribution (sid), this problem has been fixed in version 1.3.31-2. We recommend that you update your apache package.
- Buffer overflow in apache mod_proxy,yet still apache much better than windows
- CAN-2004-0492 mod_proxy security issue