Originally Published: Wednesday, 10 November 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

thttpd bug

"Today I glanced at the thttpd 2.04 source code, wondering how seriously thttpd parsed HTTP If-Modified-Since fields. I was horrified to see that tdate_parse() scans %[a-zA-Z] into a fixed-size stack buffer." The original post to VULN-DEV is here, and the follow up containing a URL for the latest version and patch is here.