htdig: Buffer overruns in htdig


Jon Bagshaw (J.Bagshaw@Bradford.ac.uk)
Mon, 20 Jul 1998 09:59:32 +0100


Hi,

Does anyone know if the input to htsearch can be used in buffer overrun attacks?
We are running htdig on Apache and in checking the access logs I noticed some
odd lines like this:

?config=htdig&restrict=&exclude=&method=boolean&format=builtin-long&words=+++++++++++++++++++++++++++++++ads+++++++++++++++++++++++++++++++++++++++++++++++++++and+%28archsci+or+archsci-www%29

Does this look normal, or is someone trying to force a buffer overrun through
either Apache or htdig?

Version info

Solaris 2.5.1
apache 1.2.5
Htdig 3.0.8b2

Cheers
        Jon

-- 
Jon Bagshaw		| Phone +44 (1274) 233318
Computer Officer	|
University of Bradford  | J.Bagshaw@bradford.ac.uk
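
A log-triage helper for the kind of line quoted above, as an added example that is not part of the original post: it decodes each query parameter ('+' is the URL encoding of a space) and reports decoded length, whitespace padding and non-printable bytes. The name `profile_query` and the 256-byte review threshold are assumptions for illustration, not htdig or Apache limits.

```python
from urllib.parse import parse_qsl

# Query string copied from the access-log excerpt in the post above.
LOGGED_QUERY = (
    "config=htdig&restrict=&exclude=&method=boolean&format=builtin-long"
    "&words=+++++++++++++++++++++++++++++++ads"
    "+++++++++++++++++++++++++++++++++++++++++++++++++++and"
    "+%28archsci+or+archsci-www%29"
)

MAX_DECODED_LEN = 256  # assumed review threshold, not a documented htdig limit


def profile_query(query, max_len=MAX_DECODED_LEN):
    """Decode each parameter and report the properties worth reviewing."""
    report = {}
    # latin-1 maps every decoded byte to exactly one character,
    # so len() below is a byte count even for %80-%FF escapes.
    pairs = parse_qsl(query, keep_blank_values=True, encoding="latin-1")
    for name, value in pairs:
        collapsed = " ".join(value.split())  # strip and squeeze whitespace runs
        odd_bytes = sum(1 for ch in value if not 0x20 <= ord(ch) <= 0x7E)
        report[name] = {
            "decoded_len": len(value),
            "padding": len(value) - len(collapsed),
            "collapsed": collapsed,
            "odd_bytes": odd_bytes,
            # Flag what a reviewer should look at: oversized values or
            # bytes outside printable ASCII after decoding.
            "flagged": len(value) > max_len or odd_bytes > 0,
        }
    return report


if __name__ == "__main__":
    for name, info in profile_query(LOGGED_QUERY).items():
        print(f"{name:10} {info}")
```

For the logged line, the `words` value decodes to the boolean query `ads and (archsci or archsci-www)` surrounded by runs of spaces, with no non-printable bytes.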