Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability

Bugtraq ID: 19204
Class: Boundary Condition Error
CVE: CVE-2006-3747
Remote: Yes
Local: No
Published: Jul 28 2006 12:00AM
Updated: May 09 2011 07:42PM
Credit: Mark Dowd of McAfee Avert Labs discovered this vulnerability.
Vulnerable: Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Turbolinux Turbolinux Server 10.0 x86
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux FUJI
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Turbolinux Appliance Server 2.0
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise SDK 10
Sun Solaris 9_x86
Sun Solaris 9_sparc
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 10_x86
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
rPath rPath Linux 1
OpenPKG OpenPKG 2.5
OpenPKG OpenPKG 2.4
OpenPKG OpenPKG 2.3
OpenPKG OpenPKG 2.2
OpenPKG OpenPKG 2.1
OpenPKG OpenPKG 2.0
OpenBSD OpenBSD 3.9
OpenBSD OpenBSD 3.8
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 2006.0 x86_64
MandrakeSoft Linux Mandrake 2006.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
IBM Websphere Application Server 6.1 .2
IBM Websphere Application Server 6.1 .1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.0.2 .9
IBM Websphere Application Server 6.0.2 .7
IBM Websphere Application Server 6.0.2 .5
IBM Websphere Application Server 6.0.2 .3
IBM Websphere Application Server 6.0.2 .13
IBM Websphere Application Server 6.0.2 .11
IBM Websphere Application Server 6.0.2 .1
IBM Websphere Application Server 6.0.2
IBM HTTP Server 1.3.28 .1
IBM HTTP Server 1.3.26 .2
IBM Hardware Management Console (HMC) for pSeries 6.0 R1.0
IBM Hardware Management Console (HMC) for iSeries 6.0 R1.0
HP Webproxy A.02.10
+ HP HP-UX B.11.04
HP Webproxy A.02.00
HP VirtualVault 4.7
HP VirtualVault A.04.70
HP VirtualVault A.04.60
+ HP HP-UX B.11.04
HP VirtualVault A.04.50
HP System Management Homepage 2.1.6
HP System Management Homepage 2.1.5
HP System Management Homepage 2.1.4
HP System Management Homepage 2.1.3 .132
HP System Management Homepage 2.1.3
HP System Management Homepage 2.1.2
HP System Management Homepage 2.1.1
HP System Management Homepage 2.1
HP System Management Homepage 2.0.2
HP System Management Homepage 2.0.1
HP System Management Homepage 2.0
HP OpenVMS Secure Web Server 1.2
HP OpenVMS Secure Web Server 1.1 -1
HP OpenVMS Secure Web Server 2.1-1
HP OpenView Network Node Manager 7.51
HP OpenView Network Node Manager 7.01
HP OpenView Network Node Manager 6.41
HP HP-UX B.11.23
HP HP-UX B.11.11
HP HP-UX B.11.04
HP HP-UX B.11.00
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.5
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apache Software Foundation Apache 2.2 .0
Apache Software Foundation Apache 2.0.56 -dev
Apache Software Foundation Apache 2.0.55
Apache Software Foundation Apache 2.0.54
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
Apache Software Foundation Apache 2.0.53
Apache Software Foundation Apache 2.0.52
Apache Software Foundation Apache 2.0.51
Apache Software Foundation Apache 2.0.50
Apache Software Foundation Apache 2.0.49
Apache Software Foundation Apache 2.0.48
+ MandrakeSoft Linux Mandrake 10.0 AMD64
+ MandrakeSoft Linux Mandrake 10.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 1.3.36
Apache Software Foundation Apache 1.3.35 -dev
Apache Software Foundation Apache 1.3.34
Apache Software Foundation Apache 1.3.33
Apache Software Foundation Apache 1.3.32
+ Gentoo Linux 1.4
+ Gentoo Linux
Apache Software Foundation Apache 1.3.31
+ OpenPKG OpenPKG Current
Apache Software Foundation Apache 1.3.29
+ Apple Mac OS X 10.3.5
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.2.7
+ MandrakeSoft Linux Mandrake 10.0 AMD64
+ MandrakeSoft Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
Apache Software Foundation Apache 1.3.28
+ Conectiva Linux 8.0
+ MandrakeSoft Linux Mandrake 9.2 amd64
+ MandrakeSoft Linux Mandrake 9.2
+ OpenBSD OpenBSD 3.4
+ OpenPKG OpenPKG 1.3
Apache Software Foundation Apache 1.3.9
Apache Software Foundation Apache 1.3.7 -dev
Apache Software Foundation Apache 1.3.6
Apache Software Foundation Apache 1.3.4
Apache Software Foundation Apache 1.3.3
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
Not Vulnerable: IBM Websphere Application Server 6.1 .3
IBM Websphere Application Server 6.0.2 .15
HP System Management Homepage 2.1.9
HP System Management Homepage 2.1.8
HP System Management Homepage 2.1.7
HP OpenVMS Secure Web Server 2.2
Apache Software Foundation Apache 2.2.3
Apache Software Foundation Apache 2.0.59
Apache Software Foundation Apache 1.3.37


 

Privacy Statement
Copyright 2010, SecurityFocus