Bug 561358 - CVE-2010-0010 httpd (v1.3): mod_proxy overflow on 64-bit systems
Status: CLOSED DUPLICATE of bug 559371
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Assignee: Red Hat Product Security
URL: http://httpd.apache.org/security/vuln...
Reported: 2010-02-03 14:25 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:34 UTC (History)
Last Closed: 2010-02-03 14:58:50 UTC

Description Jan Lieskovsky 2010-02-03 14:25:38 UTC
Common Vulnerabilities and Exposures assigned the identifier CVE-2010-0010 to
the following vulnerability:

Integer overflow in the ap_proxy_send_fb function in
proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before
1.3.42 on 64-bit platforms allows remote origin servers to cause a
denial of service (daemon crash) or possibly execute arbitrary code
via a large chunk size that triggers a heap-based buffer overflow.

Upstream patch:
  http://svn.apache.org/viewvc?view=revision&revision=896842
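
The defect class the CVE text describes, as an added example that is not part of the original report and not the httpd source: a 64-bit chunk size narrowed to `int` before it is clamped to a fixed buffer, shown next to a clamp-then-narrow version. The function names, `IOBUF_SIZE` and the sample sizes are assumptions constructed for illustration; `int64_t` stands in for a 64-bit `long`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IOBUF_SIZE 8192   /* hypothetical size of the fixed heap buffer */

/* Flawed pattern: the 64-bit chunk size is narrowed to int before the
 * bounds comparison, so sizes >= 2^31 can turn negative and "win" the
 * minimum instead of the buffer size. */
static int read_len_narrow_first(int64_t remaining)
{
    int r = (int)remaining;               /* high bits are discarded here */
    return r < IOBUF_SIZE ? r : IOBUF_SIZE;
}

/* Hardened pattern: reject negative sizes, compare in the wide type, and
 * narrow only once the value is known to fit. Returns -1 on a bad size. */
static int read_len_clamp_first(int64_t remaining)
{
    if (remaining < 0)
        return -1;
    return remaining < IOBUF_SIZE ? (int)remaining : IOBUF_SIZE;
}

/* What a read or copy routine taking size_t sees for a given int length. */
static size_t as_copy_size(int len) { return (size_t)len; }

int main(void)
{
    /* Constructed chunk sizes, as if parsed from a hex chunk-size line. */
    int64_t samples[] = { 0x10, 0x2000, 0x80000000LL, 0xFFFFFFFFLL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int bad = read_len_narrow_first(samples[i]);
        int good = read_len_clamp_first(samples[i]);
        printf("chunk=%#llx narrow-first=%d (as size_t %zu) clamp-first=%d\n",
               (unsigned long long)samples[i], bad, as_copy_size(bad), good);
    }
    return 0;
}
```

For the two large samples the narrow-first length is negative, which becomes a length far larger than the buffer once converted to `size_t`; the clamp-first version never returns more than `IOBUF_SIZE`.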

Comment 2 Jan Lieskovsky 2010-02-03 14:30:35 UTC
This issue did not affect the versions of the httpd package
as shipped with Red Hat Enterprise Linux 3, 4, and 5.

For a complete list of vulnerable Apache httpd server versions,
proceed to the dedicated upstream security page:

  http://httpd.apache.org/security/vulnerabilities_13.html

Comment 3 Jan Lieskovsky 2010-02-03 14:58:50 UTC

*** This bug has been marked as a duplicate of bug 559371 ***

