Re: Another flaw in Apache?

From: Michal Zalewski (lcamtufat_private)
Date: Sat Jun 22 2002 - 12:38:48 PDT

Next message: vodkaat_private: "Re: login yahoogroups."

Previous message: FozZy: "spying (deleted) file entries in other users' directories"
In reply to: Jedi/Sector One: "Another flaw in Apache?"
Next in thread: Jedi/Sector One: "Re: Another flaw in Apache?"
Reply: Jedi/Sector One: "Re: Another flaw in Apache?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 22 Jun 2002, Jedi/Sector One wrote:

> SetEnv DATE_LOCALE "******************************************..."

While this apparently is not an issue with "AllowOverride none" (I think
that's the default configuration for user-writable directories), and
typically, having different, execution-related AllowOverride settings
means you are a less or more trusted user, most likely can execute code
with Apache UID, there are still some interesting consequences of
exploiting a buffer overflow in the child process - for example, getting
write access to logs. Probably worth investigating.

-- 
_____________________________________________________
Michal Zalewski [lcamtufat_private] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/

Next message: vodkaat_private: "Re: login yahoogroups."
Previous message: FozZy: "spying (deleted) file entries in other users' directories"
In reply to: Jedi/Sector One: "Another flaw in Apache?"
Next in thread: Jedi/Sector One: "Re: Another flaw in Apache?"
Reply: Jedi/Sector One: "Re: Another flaw in Apache?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jun 22 2002 - 12:49:32 PDT