OpenBSD httpd mod_include is reported prone to a local buffer overflow vulnerability. This issue arises because the application fails to perform boundary checks on user-supplied data before copying it into sensitive process buffers. This issue may allow attackers to crash the server and potentially execute arbitrary code. Specifically, this issue presents itself when a vulnerable server has the XBitHack directive or server-side includes functionality enabled. A successful attack may result in a denial of service condition; however, it is conjectured that arbitrary code execution in the context of the httpd process may be possible as well.
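A defensive check for the precondition named above, as an added example that is not part of the original advisory: it scans Apache 1.3-style configuration text for directives that turn on mod_include parsing (XBitHack or server-side includes). The sample configuration is constructed, and the function name `find_ssi_exposure` is an assumption of this example.

```python
import re

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
# XBitHack full
XBitHack on
<Directory "/var/www/htdocs">
    Options Indexes +Includes -ExecCGI
</Directory>
<Directory "/var/www/static">
    Options -Includes FollowSymLinks
    XBitHack off
</Directory>
AddHandler server-parsed .shtml
"""

def find_ssi_exposure(conf_text):
    """Return (line_number, line, reason) for each directive that turns on
    mod_include parsing, i.e. the precondition the advisory names."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments enable nothing
        parts = line.split()
        directive, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        if directive == "xbithack" and args and args[0] in ("on", "full"):
            findings.append((lineno, line, "XBitHack enabled"))
        elif directive == "options":
            # Includes / +Includes / IncludesNOEXEC enable SSI; -Includes removes it.
            if any(re.fullmatch(r"\+?includes(noexec)?", a) for a in args):
                findings.append((lineno, line, "server-side includes enabled"))
        elif directive == "addhandler" and args and args[0] == "server-parsed":
            findings.append((lineno, line, "server-parsed handler mapped"))
    return findings

if __name__ == "__main__":
    for lineno, line, reason in find_ssi_exposure(SAMPLE_CONF):
        print(f"line {lineno}: {reason}: {line}")
```

A server with no findings does not meet the condition the advisory describes; one with findings should be prioritised for the vendor fix or have the listed directives disabled where they are not needed.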