Re: Another flaw in Apache?

From: Filipe Almeida (filipeat_private)
Date: Sun Jun 23 2002 - 08:07:04 PDT

Next message: Michal Zalewski: "Re: Another flaw in Apache?"

Previous message: FozZy: "Re: spying (deleted) file entries in other users' directories"
Next in thread: Alexander Yurchenko: "Re: Another flaw in Apache?"
Reply: Alexander Yurchenko: "Re: Another flaw in Apache?"
Reply: Michal Zalewski: "Re: Another flaw in Apache?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Well... Seems I rushed the mail out.
You can kill the httpd childs but you can't ptrace them because the processes
are not dumpable.

At 10:13 23-06-2002 -0400, Michal Zalewski wrote:
>On Sun, 23 Jun 2002, Filipe Jorge Marques de Almeida wrote:
>Not exactly. You are having access to the httpd child process, not a
>spawned CGI script. This means that you control some interesting goods,
>such as file descriptors, or... oh well, the child process itself. Think
>about serving spoofed contents to all requests? Besides, suexec is pretty
>popular nowadays.

Next message: Michal Zalewski: "Re: Another flaw in Apache?"
Previous message: FozZy: "Re: spying (deleted) file entries in other users' directories"
Next in thread: Alexander Yurchenko: "Re: Another flaw in Apache?"
Reply: Alexander Yurchenko: "Re: Another flaw in Apache?"
Reply: Michal Zalewski: "Re: Another flaw in Apache?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 09:05:45 PDT