Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability

Apache HTTP Server is prone to a local privilege-escalation vulnerability because of an integer-overflow error.

Local attackers can exploit this issue to run arbitrary code with elevated privileges (with the privileges of the Apache webserver process). Failed exploit attempts may crash the affected application, denying service to legitimate users.

Note: To trigger this issue, 'mod_setenvif' must be enabled and the attacker should be able to place a malicious '.htaccess' file on the affected webserver.


 

Privacy Statement
Copyright 2010, SecurityFocus