WhiteHat Software and Consulting Inc.

#4: Web Management Console


Date:  5-02-2004

Security Status:  Theoretical unprivileged code execution

Bugs: 
cgi buffer overflow: 
The author of the httpd indicates that there may have been a buffer overflow bug when 'building the cgi environment'.  This bug is mitigated by three factors on the Phalanx system:

1)  The non-executable stack modifications present in the kernel reduce most buffer overflow attacks from code execution to program crash.
2)  The httpd is only reachable by computers listed in the Management Locations list.  This by definition includes only trusted systems.
3)  The httpd runs as an unprivileged user, and the tools needed for privilege escalation are absent or access-limited.

Together these make attacks against the possible bug infeasible.  Additionally, no known exploits for this bug are in circulation, as the httpd used is very rare on the internet and so presents a small payoff in potential targets should someone write an exploit.

httpd crash:
The httpd would crash when started after the CIPE VPN interfaces, due to a bug exposed by the lack of IPv6 support in CIPE.  Note that this does not happen in practice, as the httpd starts before the VPN interfaces during system startup and the httpd used is very stable.  To date, no spontaneous crashes of the httpd have been logged on any Phalanx System.

Explanation:
This upgrades the httpd version to support unified authentication, for better integration of the web and local management consoles, and to pick up minor bug fixes.

Files:  mini_httpd-1.19-1.i386.rpm

