Re: Another flaw in Apache?

From: Michal Zalewski (lcamtufat_private)
Date: Sun Jun 23 2002 - 07:13:32 PDT

Next message: cyber_riderat_private: "Java and buffer overflows"

Previous message: Filipe Almeida: "Re: Another flaw in Apache?"
In reply to: Filipe Jorge Marques de Almeida: "Re: Another flaw in Apache?"
Next in thread: sd: "Re: Another flaw in Apache?"
Next in thread: Jedi/Sector One: "Re: Another flaw in Apache?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 23 Jun 2002, Filipe Jorge Marques de Almeida wrote:

> Don't forget this is not a serious vulnerability in many configurations
> (if the user already has permission to run cgi scripts without suexec,
> SSI, etc).

Not exactly. You are having access to the httpd child process, not a
spawned CGI script. This means that you control some interesting goods,
such as file descriptors, or... oh well, the child process itself. Think
about serving spoofed contents to all requests? Besides, suexec is pretty
popular nowadays.

-- 
_____________________________________________________
Michal Zalewski [lcamtufat_private] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/

Next message: cyber_riderat_private: "Java and buffer overflows"
Previous message: Filipe Almeida: "Re: Another flaw in Apache?"
In reply to: Filipe Jorge Marques de Almeida: "Re: Another flaw in Apache?"
Next in thread: sd: "Re: Another flaw in Apache?"
Next in thread: Jedi/Sector One: "Re: Another flaw in Apache?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 09:08:51 PDT