FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache mod_include buffer overflow vulnerability

Affected packages
apache < 1.3.33
apache+mod_ssl < 1.3.32+2.8.21_1
apache+mod_ssl+ipv6 < 1.3.32+2.8.21_1
apache+mod_perl <= 1.3.31
apache+ipv6 < 1.3.33
apache+ssl <= 1.3.29.1.55
ru-apache < 1.3.33+30.21
ru-apache+mod_ssl < 1.3.33+30.21+2.8.22

Details

VuXML ID 6e6a6b8a-2fde-11d9-b3a2-0050fc56d258
Discovery 2004-10-22
Entry 2004-11-06

There is a buffer overflow in a function used by mod_include that may enable a local user to gain privileges of a httpd child. Only users that are able to create SSI documents can take advantage of that vulnerability.

References

CVE Name CVE-2004-0940
URL http://www.securitylab.ru/48807.html