apache mod_proxy buffer overflow.plugin

全面网络扫描器VB源代码 很实用

<plugin_id>279</plugin_id>
<plugin_name>Apache prior 1.3.33 Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability</plugin_name>
<plugin_family>Denial of Service</plugin_family>
<plugin_created_date>2004/12/03</plugin_created_date>
<plugin_created_name>David Nester</plugin_created_name>
<plugin_created_email>david at icrew dot org</plugin_created_email>
<plugin_created_web>http://www.icrew.org</plugin_created_web>
<plugin_created_company>iCrew Security</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/12/05</plugin_updated_date>
<plugin_version>1.0</plugin_version>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>80</plugin_port>
<plugin_procedure_detection>open|send HEAD / HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *Apache/1.3.[1-2]* OR HTTP/#.# ### *Apache/1.3.3[0-2]*</plugin_procedure_detection>
<plugin_detection_accuracy>80</plugin_detection_accuracy>
<plugin_comment>This plugin was written with the ATK Attack Editor.</plugin_comment>
<bug_published_name>Georgi Guninski</bug_published_name>
<bug_published_email>guninski at guninski dot com</bug_published_email>
<bug_published_web>http://www.guninski.com/modproxy1.html</bug_published_web>
<bug_published_company>Georgi Guninski</bug_published_company>
<bug_published_date>2004/06/10</bug_published_date>
<bug_produced_name>Apache Software Foundation</bug_produced_name>
<bug_produced_email>apache at apache dot org</bug_produced_email>
<bug_produced_web>http://httpd.apache.org</bug_produced_web>
<bug_not_affected>Other versions or solutions</bug_not_affected>
<bug_vulnerability_class>Buffer Overflow</bug_vulnerability_class>
<bug_description>Note: This check is designed to identify hosts running vulnerable versions of Apache. It does not attempt to exploit the vulnerability on the intended host. If the application has been patched and the version has not been incremented in the banner, this check may report vulnerable.A remote buffer overflow vulnerability exists in Apache mod_proxy. The source of this issue is that a negative user-specified length value may be used in a memory copy operation, allowing for corruption of memory. This may triggered if a remote server returns a negative Content-Length: HTTP header field to be passed through the proxy.  Exploitation will likely result in a denial of service, though there is an unconfirmed potential for execution of arbitrary code on some platforms (such as BSD implementations). Versions that have the optional AP_ENABLE_EXCEPTION_HOOK define enabled may also be exploitable on some platforms. This issue affects Apache servers 1.3.26 through 1.3.32 that have mod_proxy enabled and configured. Apache 2.0.x releases are not affected by this issue.</bug_description>
<bug_solution>This vulnerability is resolved by upgrading to the latest version available from: http://httpd.apache.org</bug_solution>
<bug_fixing_time>Approx. 1 hour</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_exploit_url>http://www.guninski.com/modproxy1.html</bug_exploit_url>
<bug_remote>Yes</bug_remote>
<bug_local>No</bug_local>
<bug_severity>High</bug_severity>
<bug_popularity>6</bug_popularity>
<bug_simplicity>5</bug_simplicity>
<bug_impact>9</bug_impact>
<bug_risk>6</bug_risk>
<bug_nessus_risk>High</bug_nessus_risk>
<bug_iss_scanner_rating>High</bug_iss_scanner_rating>
<source_cve>CAN-2004-0492</source_cve>
<source_issxforce_id>16387</source_issxforce_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.apacheweek.com/features/security-13</source_misc>