Problem installing apache webserver on my FreeRunner

Timo Juhani Lindfors timo.lindfors at
Sat Feb 28 16:35:00 CET 2009

Aapo Rantalainen <aapo.rantalainen at> writes:
> (and let me know, if you find something)

I think I found a vulnerability that results in local execution of
code as root if local user is allowed to write to the directory that
serves the web pages.

page_from_file checks the file size first, then allocates a buffer and
starts copying data. If the size of the file changes between these
steps aa-http will overflow the buffer.

More information about the community mailing list