Comment 5 for bug 811422

halfdog (halfdog) wrote :

Sent mail to <email address hidden> 2011-07-15 (no reply) and again today:

Dear Apache Httpd Security Team,

It seems possible to execute arbitrary via the bug reported
2011-07-15. Since this requires a crafted .htaccess file on the host,
this might not be a too big issue.

See

http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/

for first draft of multi-thread exploit (url not published elsewhere).
Currently I'm trying to get more stable code executing using the
stop-regex approach and just a single thread.

I checked the reporting guidelines again today and found, that there is a different security contact mail address mentioned. I'm not sure, if something has changed at apache website or I just picked up an dead address. Resending to <email address hidden>