ModSecurity off-by-one buffer overflow
mod-security-offbyone-bo (15489)
Description:
ModSecurity is vulnerable to an off-by-one buffer overflow. If the SecFilterScanPost directive is enabled, a remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the vulnerable Web server.
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of ModSecurity (1.7.5 or later), available from the ModSecurity Web site. See References.
References:
- Full-Disclosure Mailing List, Tue Mar 16 2004 - 04:52:30 CST: ModSecurity 1.7.4 for Apache 2.x remote off-by-one overflow.
- ModSecurity Web site: ModSecurity - Web Intrusion Detection and Prevention / mod_security.
- BID-9885: Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
- CVE-2004-1765: Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
- SA11138: mod_security POST Request Processing Off-By-One Vulnerability
- US-CERT VU#779438: ModSecurity for Apache vulnerable to off-by-one overflow when directive SecFilterScanPost is enabled
Platforms Affected:
- Breach Security ModSecurity 1.7.4
Reported:
Mar 15, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
