Ive tested Gobbles code against Solaris Sparc Solaris 8 and it kills the child processes, leaving the single process running as root alive. Connections from clients are still able to be created at this point. Running the exploit in brute force mode though, again kills the child procs at some point. A steady stream of the running code may cause some disconnects. It did not appear to be causing a global system DoS. -----Original Message----- From: Pavel Kankovsky [mailto:peakat_private] Sent: Tuesday, June 25, 2002 5:59 PM To: vuln-devat_private Subject: Apache chunked encoding and Solaris/Sparc Has anyone (besides the omnipotent Gobbles, of course) managed to harm Apache running on Solaris/Sparc? As far as I can tell, Solaris implementation of memcpy() does NOTHING when it gets a negative length, and Solaris read() fails with EINVAL when the length is negative. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 19:28:18 PDT