Signature Detail

HTTP: Apache HTTP Server mod_tcl Module Format String Vulnerability

This signature detects attempts to exploit a known format string vulnerability in the mod_tcl module used with the Apache HTTP server. It is due to the failure of the application in verifying string arguments that are passed to a formatting function, resulting in a memory corruption condition. A remote attacker can exploit this to inject and execute arbitrary code with the privileges of the httpd process. In a successful simple attack, the httpd process serving the attacker terminates, closing the connection as a result. This might also reset other connections served by the affected httpd process, in the case the HTTP server is configured to run in multiple-threading mode. In a successful sophisticated attack, the injected arbitrary code is executed with the privileges of the httpd process. The behavior of the target system is dependent on the malicious code.

Extended Description

Apache mod_tcl is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of webserver processes running the affected Apache module. This facilitates the remote compromise of affected computers. Apache mod_tcl version 1.0 is vulnerable to this issue.

Affected Products

• Apache Software Foundation mod_tcl 1.0
• Gentoo Linux

References

• BugTraq: 20527
• CVE: CVE-2006-4154