Re: Another flaw in Apache?

From: Jedi/Sector One (jat_private)
Date: Sun Jun 23 2002 - 14:02:34 PDT

Next message: Randy Taylor: "Re: Apache Exploit"

Previous message: Pavel Kankovsky: "Re: Another flaw in Apache?"
In reply to: Alexander Yurchenko: "Re: Another flaw in Apache?"
Next in thread: Michal Zalewski: "Re: Another flaw in Apache?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Jun 23, 2002 at 07:31:56PM +0400, Alexander Yurchenko wrote:
> Not only kill. Sending SIGSTOP to all child processes causes web server
> to stop response to incoming requests at all. Nice DoS ;-)

  All descriptors to all log files (not only those associated with requested
virtual host) are also passed to children.

  I was successfully able to add fake entries to every log file.

  Very funny when you are on a colocated server. Reading log files is
probably as easy.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/

Next message: Randy Taylor: "Re: Apache Exploit"
Previous message: Pavel Kankovsky: "Re: Another flaw in Apache?"
In reply to: Alexander Yurchenko: "Re: Another flaw in Apache?"
Next in thread: Michal Zalewski: "Re: Another flaw in Apache?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 20:08:57 PDT