httpd mod_access auth vulnerability

March 26th, 2004 by Rob


Bron: BronDue to a bug in the parsing of Allow/Deny rules for httpd’s access
module‚ using IP addresses without a netmask on big endian 64-bit
platforms causes the rules to fail to match. This only affects
sparc64.

The problem is fixed in -current‚ 3.4-stable and 3.3-stable.

Patches are available at:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/014_httpd2.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/019_httpd2.patch

Published by Rob on Mar 26, 2004 under *BSD news from the past | Post your comment now

Leave a Reply

SEO Powered by Platinum SEO from Techblissonline