Re: Another flaw in Apache?

From: Jedi/Sector One (jat_private)
Date: Sun Jun 23 2002 - 14:02:34 PDT

  • Next message: Randy Taylor: "Re: Apache Exploit"

    On Sun, Jun 23, 2002 at 07:31:56PM +0400, Alexander Yurchenko wrote:
    > Not only kill. Sending SIGSTOP to all child processes causes web server
    > to stop response to incoming requests at all. Nice DoS ;-)
    
      All descriptors to all log files (not only those associated with requested
    virtual host) are also passed to children.
    
      I was successfully able to add fake entries to every log file.
      
      Very funny when you are on a colocated server. Reading log files is
    probably as easy.
      
    -- 
     __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
     \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
      \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/
    



    This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 20:08:57 PDT