On Mon, Sep 23, 2002 at 12:33:04PM -0700, shaddupat_private wrote:

> - -=~=-_-=~=-_-=~=-
> I put PHP in the title so I know this message will reach the "sekur1ty c0mmun1ty", that *knows* that PHP is bad, because it's easy to write insecure applications, unlike C.
> - -=~=-_-=~=-_-=~=-
> Problem:
> o Apache 2.0 (.39 and .40 tested) on Linuxx0r (and possibly other OS's)
>   will hang on a write to stderr that is larger than the default buffer
>   size (4k on Linux)
> Impact:
> o Local users can cause apache's httpd process to hang
> o Possible new DoS to look for in web apps that write
>   user input to stderr!

*whiny voice*
This is a bug in the web applications, and not in Apache.
*moan*

// Ulf

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
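Added example, not part of the thread and not Apache's code: a parent process that waits on a child's stdout alone stalls once the child fills the stderr pipe, while a parent that services both pipes does not. It assumes the hang in the quoted report comes from the stderr pipe filling while the parent is not reading it (the post does not state the cause), and it needs a POSIX system; the child command and the function names are constructed for illustration.

```python
import os
import selectors
import subprocess
import sys

# Constructed stand-in for a CGI script: writes 4 MiB to stderr (more than a
# pipe buffer holds), then a short response to stdout.
CHILD = [sys.executable, "-c",
         "import sys; sys.stderr.write('E' * (4 << 20)); sys.stderr.flush(); "
         "sys.stdout.write('ok'); sys.stdout.flush()"]

def spawn():
    return subprocess.Popen(CHILD, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

def stdout_first_stalls(timeout=2.0):
    """Parent waits on stdout only; True if the child never gets that far."""
    proc = spawn()
    sel = selectors.DefaultSelector()
    sel.register(proc.stdout, selectors.EVENT_READ)
    stalled = not sel.select(timeout)   # no stdout activity: child is blocked writing stderr
    sel.close()
    proc.kill()
    proc.communicate()                  # reap the child and close the pipes
    return stalled

def drain_both(timeout=10.0):
    """Parent reads whichever pipe is readable, so neither one can fill up."""
    proc = spawn()
    sel = selectors.DefaultSelector()
    out = {proc.stdout.fileno(): bytearray(), proc.stderr.fileno(): bytearray()}
    for pipe in (proc.stdout, proc.stderr):
        sel.register(pipe, selectors.EVENT_READ)
    while sel.get_map():
        events = sel.select(timeout)
        if not events:                  # bounded wait: give up instead of hanging
            proc.kill()
            break
        for key, _ in events:
            chunk = os.read(key.fd, 65536)
            if chunk:
                out[key.fd] += chunk
            else:                       # EOF on this pipe
                sel.unregister(key.fileobj)
    sel.close()
    result = bytes(out[proc.stdout.fileno()]), len(out[proc.stderr.fileno()])
    proc.stdout.close()
    proc.stderr.close()
    return result + (proc.wait(),)      # (stdout bytes, stderr length, exit code)
```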
This archive was generated by hypermail 2b30 : Tue Sep 24 2002 - 11:23:41 PDT