Re: Apache Exploit

From: Jefferson Ogata (seclistsat_private)
Date: Thu Jun 20 2002 - 16:14:22 PDT

    Michal Zalewski wrote:
    > This is not to say that delivering signals is not the way to exploit
    > problems like that - conditions that would otherwise lead directly to SEGV
    > because of access to non-allocated memory, for example. Quite
    > (un)fortunately, there are only two signals that could be perhaps
    > delivered to Apache (which, keep in mind, is running as a standalone
    > daemon) - SIGPIPE and SIGURG - that is, if they are not ignored and if the
    > handler does something interesting, which I'm not so sure about (but
    > haven't looked in a while).
    
    Seems to me SIGTERM is likely as well, though it may not happen until someone 
    reboots the webserver. SIGCHLD is also a possibility if an external CGI is 
    involved, no?
    
    -- 
    Jefferson Ogata : Internetworker, Antibozo
    <ogataat_private>  http://www.antibozo.net/ogata/
    whois: jo317/whois.networksolutions.com
    http://www.antibozo.net/ogata/pgp.asc
    


