http://secunia.com/advisories/11968
Mandrake Linux 9.x
Mandrake Corporate Server 2.x
MandrakeSoft has issued an update for apache. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Georgi Guninski has discovered a vulnerability in Apache, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
The vulnerability is caused by a boundary error within the Apache mod_proxy module. This can be exploited to cause a heap-based buffer overflow by passing a "Content-Length:" header containing a large negative value.
Successful exploitation may reportedly crash the child process and potentially allow code execution on some BSD systems, if an Apache server configured as a proxy connects to a malicious site.
The vulnerability affects versions 1.3.31, 1.3.29, 1.3.28, 1.3.27, and 1.3.26.
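The following is an added illustration of this bug class and its mitigation, not code from Apache, mod_proxy or the MandrakeSoft update. It shows how a negative length slips past a signed size check, next to a strict "Content-Length:" parser and a bounded copy; all function names and the buffer sizes used are assumptions made for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Naive pattern (hypothetical): a signed length passes a signed "min" check
 * unchanged, then turns into a huge size_t when handed to a copy routine. */
size_t naive_chunk_size(long content_length, long bufsize)
{
    long n = (content_length < bufsize) ? content_length : bufsize;
    return (size_t)n;               /* e.g. -1 becomes SIZE_MAX */
}

/* Strict parse: decimal digits only, no sign, no overflow, no trailing junk.
 * Returns 0 and stores the length on success, -1 on a malformed value. */
int parse_content_length(const char *value, unsigned long long *out)
{
    const char *p = value;
    char *end;
    unsigned long long n;

    while (*p == ' ' || *p == '\t') p++;          /* optional leading whitespace */
    if (!isdigit((unsigned char)*p)) return -1;   /* rejects "-1", "+5", "" */

    errno = 0;
    n = strtoull(p, &end, 10);
    if (errno == ERANGE) return -1;               /* value does not fit */
    while (*end == ' ' || *end == '\t') end++;
    if (*end != '\0') return -1;                  /* trailing garbage */

    *out = n;
    return 0;
}

/* Bounded copy: never more than the destination holds, the source offers,
 * or the declared body has left. All sizes are unsigned. */
size_t bounded_copy(char *dst, size_t dst_size, const char *src,
                    size_t src_avail, unsigned long long remaining)
{
    size_t n = (src_avail < dst_size) ? src_avail : dst_size;
    if ((unsigned long long)n > remaining) n = (size_t)remaining;
    memcpy(dst, src, n);
    return n;
}
```

A proxy that rejects the response when `parse_content_length` returns -1 never reaches the copy path with a negative length.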