[Home] [Credit Search] [Category Browser] [Staff Roll Call] The LINUX.COM Article Archive
Originally Published: Wednesday, 10 November 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News Page: 1/1 - [Std View]

thttpd bug

"Today I glanced at the thttpd 2.04 source code, wondering how seriously thttpd parsed HTTP If-Modified-Since fields. I was horrified to see that tdate_parse() scans %[a-zA-Z] into a fixed-size stack buffer." The original post to VULN-DEV is here, and the follow up containing a URL for the latest version and patch is here.



Originally published on Linux.com. Released under the Open Content License unless otherwise stated. Notify Gareth Watts of any errors or copyright violations.