htdig: Buffer overruns in htdig

Jon Bagshaw (J.Bagshaw@Bradford.ac.uk)
Mon, 20 Jul 1998 09:59:32 +0100

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Tim Gladding: "Re: htdig: on different servers!.."
• Previous message: Wolfgang Brungert: "Re:first try"
• Next in thread: Geoff Hutchison: "Re: htdig: Buffer overruns in htdig"

Hi,

Does anyone know if the input to htsearch can be used in buffer overrun attacks?
We are running htdig on apache and in checking the access logs I noticed some
odd lines like this.

?config=htdig&restrict=&exclude=&method=boolean&format=builtin-long&words=+++++++++++++++++++++++++++++++ads+++++++++++++++++++++++++++++++++++++++++++++++++++and+%28archsci+or+archsci-www%29

Does this look normal, or is someone trying to force a buffer overrun through
either apache or htdig.

Version info

Solaris 2.5.1
apache 1.2.5
Htdig 3.0.8b2

Cheers
        Jon

-- 
Jon Bagshaw		| Phone +44 (1274) 233318
Computer Officer	|
University of Bradford  | J.Bagshaw@bradford.ac.uk
----------------------------------------------------------------------
To unsubscribe from the htdig mailing list, send a message to
htdig-request@sdsu.edu containing the single word "unsubscribe" in
the body of the message.

• Next message: Tim Gladding: "Re: htdig: on different servers!.."
• Previous message: Wolfgang Brungert: "Re:first try"
• Next in thread: Geoff Hutchison: "Re: htdig: Buffer overruns in htdig"

This archive was generated by hypermail 2.0b3 on Sat Jan 02 1999 - 16:26:53 PST