Buffer Overflow bug?

ckimrey (New member, joined Jun 7, 2009, 1 message)
Hi -

I have been trying to get my website PCI Compliant. I keep getting an Urgent error on port 2222 where DA is running.

The error is this:

The remote web server may be affected by a buffer overflow vulnerability.

Description :

The remote web server crashes when it receives a too long URL. It might be possible to make it execute arbitrary code through this flaw.

Is this a known issue with DA? If so, how do we correct it to get PCI compliant?
 
Hello,

I would need more information to duplicate the error.
What their scripts may consider an overflow may just be DA ignoring the oversized request and not sending any data in return, but check the logs either way.

/var/log/directadmin/error.log
/var/log/directadmin/security.log

Also, if DA is segfaulting, then run it through gdb and let me know where it's segfaulting. Include the long URL that they're using to make it segfault so I can duplicate and fix it, if in fact it is segfaulting.
http://help.directadmin.com/item.php?id=185

John
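
Added example, not part of the original thread and not DirectAdmin code: a scanner that gets no reply to an overlong URL cannot tell a dropped request from a crash, so this check follows the long request with a normal one to see whether the server still answers. The stub server, its 8192-byte limit, the 20000-character path and the use of plain HTTP are assumptions made for the demonstration.

```python
import socket
import threading

MAX_REQUEST = 8192  # assumed limit of the stub server, not DirectAdmin's real value

def stub_server(listener):
    """Constructed stand-in: drops oversized requests without replying."""
    while True:
        conn, _ = listener.accept()
        with conn:
            data = b""
            while b"\r\n\r\n" not in data and len(data) <= MAX_REQUEST:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
            if data and len(data) <= MAX_REQUEST:
                conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nok")

def request(host, port, path, timeout=3):
    """Return the first response bytes, or b'' if nothing came back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"GET " + path.encode() + b" HTTP/1.0\r\n\r\n")
            return s.recv(64)
    except OSError:  # reset, timeout or refused connection
        return b""

def classify(host, port, length=20000):
    """Send an overlong URL, then a normal one to see if the server survived."""
    long_reply = request(host, port, "/" + "A" * length)
    alive = request(host, port, "/").startswith(b"HTTP/")
    if long_reply:
        return "answered"
    return "ignored-still-running" if alive else "not-responding"

def demo():
    """Run the check against the local stub server on a free port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    threading.Thread(target=stub_server, args=(listener,), daemon=True).start()
    return classify("127.0.0.1", listener.getsockname()[1])

if __name__ == "__main__":
    print(demo())
```

A result of "not-responding" is the case where the logs and a gdb backtrace are worth collecting; "ignored-still-running" matches the dropped-request explanation.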