Crazy Einstein has discovered a vulnerability in Apache, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused by a boundary error in the "get_tag()" function of the "mod_include" module. This can be exploited to cause a buffer overflow when a specially crafted document with malformed server-side includes is requested through an HTTP session.
Successful exploitation can lead to execution of arbitrary code with escalated privileges, but requires that server-side includes (SSI) are enabled.
The vulnerability has been confirmed on version 1.3.31. Other versions may also be affected.
SOFTWARE:
Apache 1.3.x
SOLUTION:
Disable server-side includes (SSI).
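One way to find the directives that turn SSI on in an Apache 1.3 configuration, so they can be removed. This is an added example, not part of the original advisory; the sample configuration is constructed and find_ssi_directives is a hypothetical helper name.

```python
# Constructed sample configuration for illustration; not from the advisory.
SAMPLE_CONF = """\
<Directory "/var/www/htdocs">
    Options Indexes FollowSymLinks Includes
</Directory>
<Directory "/var/www/static">
    Options -Includes
</Directory>
<Directory "/home/*/public_html">
    Options +IncludesNOEXEC
</Directory>
AddType text/html .shtml
AddHandler server-parsed .shtml
# AddHandler server-parsed .html
XBitHack on
Options All
"""

# Options values that allow mod_include to run ("All" covers Includes).
SSI_OPTIONS = {"includes", "includesnoexec", "all"}
# MIME types that mod_include treats as server-parsed documents.
SSI_TYPES = {"text/x-server-parsed-html", "text/x-server-parsed-html3"}

def find_ssi_directives(conf_text):
    """Return (line_number, directive) pairs involved in enabling SSI."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split()
        name, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        hit = False
        if name == "options":
            # "-Includes" removes the option; bare and "+" forms grant it.
            hit = any(a.lstrip("+") in SSI_OPTIONS
                      for a in args if not a.startswith("-"))
        elif name in ("addhandler", "sethandler"):
            hit = bool(args) and args[0] == "server-parsed"
        elif name == "addtype":
            hit = bool(args) and args[0] in SSI_TYPES
        elif name == "xbithack":
            hit = bool(args) and args[0] in ("on", "full")
        if hit:
            findings.append((lineno, line))
    return findings

if __name__ == "__main__":
    for lineno, line in find_ssi_directives(SAMPLE_CONF):
        print(f"line {lineno}: {line}")
```

In Apache 1.3 the default when no Options directive applies is All, which includes Includes, so an empty result does not by itself show that SSI is off. The contents of .htaccess files can be passed through the same function.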
PROVIDED AND/OR DISCOVERED BY:
Crazy Einstein
http://community.securityteam.us/article.php/20041022074803693