Problem installing apache webserver on my FreeRunner
Timo Juhani Lindfors
timo.lindfors at iki.fi
Sat Feb 28 16:35:00 CET 2009
Aapo Rantalainen <aapo.rantalainen at gmail.com> writes:
> (and let me know, if you find something)
I think I found a vulnerability that results in local execution of
code as root if local user is allowed to write to the directory that
serves the web pages.
page_from_file checks the file size first, then allocates a buffer and
starts copying data. If the size of the file changes between these
steps aa-http will overflow the buffer.
More information about the community