Re: Another flaw in Apache?

From: Michal Zalewski (lcamtufat_private)
Date: Sat Jun 22 2002 - 12:38:48 PDT


    On Sat, 22 Jun 2002, Jedi/Sector One wrote:
    
    > SetEnv DATE_LOCALE "******************************************..."
    
    While this apparently is not an issue with "AllowOverride none" (I think
    that's the default configuration for user-writable directories), and
    typically, having different, execution-related AllowOverride settings
    means you are a less or more trusted user, most likely can execute code
    with Apache UID, there are still some interesting consequences of
    exploiting a buffer overflow in the child process - for example, getting
    write access to logs. Probably worth investigating.
    
    -- 
    _____________________________________________________
    Michal Zalewski [lcamtufat_private] [security]
    [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
    =-=> Did you know that clones never use mirrors? <=-=
              http://lcamtuf.coredump.cx/photo/
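
Added example, not part of the original message: a small audit for the point about "AllowOverride none", listing the `<Directory>` blocks in an Apache configuration whose explicit `AllowOverride` value lets a `.htaccess` file use `SetEnv` (mod_env allows it under the `FileInfo` override class). The sample configuration and its paths are constructed, the function name is hypothetical, and inherited or default `AllowOverride` values are not resolved.

```python
import re

# Constructed sample httpd.conf; the paths are illustrative, not from the post.
SAMPLE_CONF = """\
# user-writable trees should not honour .htaccess overrides
<Directory />
    AllowOverride None
</Directory>
<Directory "/home/*/public_html">
    AllowOverride FileInfo AuthConfig
</Directory>
<Directory /var/www/html>
    AllowOverride AuthConfig Limit
</Directory>
<Directory /srv/shared>
    AllowOverride All
</Directory>
"""

# Override classes under which a .htaccess file may contain SetEnv.
ENV_CLASSES = {"fileinfo", "all"}

def htaccess_setenv_dirs(conf_text):
    """Return [(directory, AllowOverride value)] for every <Directory> block
    whose explicit AllowOverride permits SetEnv from .htaccess."""
    findings, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            current = opened.group(1).strip()
            continue
        if re.match(r'</Directory\s*>', line, re.I):
            current = None
            continue
        override = re.match(r'AllowOverride\s+(.+)', line, re.I)
        if override and current is not None:
            classes = {c.lower() for c in override.group(1).split()}
            if classes & ENV_CLASSES:
                findings.append((current, override.group(1).strip()))
    return findings

if __name__ == "__main__":
    for directory, value in htaccess_setenv_dirs(SAMPLE_CONF):
        print(f"{directory}: AllowOverride {value} lets .htaccess set environment variables")
```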
    



    This archive was generated by hypermail 2b30 : Sat Jun 22 2002 - 12:49:32 PDT