|
|
|
|
|
|
by aleks224
219 days ago
|
|
|
So this would be the first stack overflow after the Morris' fingerd one (well, first one that's widely publicized): https://seclists.org/bugtraq/1995/Feb/109 > we've installed the NCSA HTTPD 1.3 on our WWW server (HP9000/720, HP-UX 9.01)
and I've found, that it can be tricked into executing shell commands.
Actually, this bug is similar to the bug in fingerd exploited by the internet
worm. The HTTPD reads a maximum of 8192 characters when accepting a request
from port 80. |
|
|