Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server

From: KF (dotslashat_private)
Date: Tue Jun 18 2002 - 00:18:07 PDT


    During some testing of the Apache issues with chunked encoding I noted
    that on my Linux x86-based install of Apache, just before the child
    process exits, some of the arguments that are passed to
    int sigaction(int signum, const struct sigaction *act, struct sigaction *oldact);
    and int sigemptyset(sigset_t *set); have had their arguments
    overwritten... in the case of sigaction the signum was set to 10 or
    SIGUSR1 and all other arguments were overwritten with 0x41414141. I was
    wondering if this could cause any added risk to the x86 versions of
    Apache... maybe some signaling ninja would help?
    
    The description of sigaction is really what caught my attention:
    
    The sigaction system call is used to change the action taken by a
    process on receipt of a specific signal.
    
    -KF
    


