Re: Another flaw in Apache?

From: sd (sdat_private)
Date: Wed Jun 26 2002 - 09:22:37 PDT

    On Sun, Jun 23, 2002 at 03:03:13PM +0100, Filipe Jorge Marques de Almeida wrote:
    > Don't forget this is not a serious vulnerability in many configurations (if the
    > user already has permission to run cgi scripts without suexec, SSI, etc).
    > 
    > On Sat, Jun 22, 2002 at 09:27:48PM -0400, Michal Zalewski wrote:
    > > Check out what you get - file descriptors and other goodies - and perhaps
    > > it is a good time to cc: bugtraq or at least Apache guys?;-)
    > 
    > --
    > Filipe Almeida
    
    imho it's serious for freeweb providers, they become freeshell providers ;)
    not to mention that you can play a bit with the port 80 socket, permanently
    killing all children to put your child to some use. defacing the whole webserver,
    web sniffing IS possible.
    
    -- 
    _ __/|
    \'X.X'   sd@ircnet
    =(___)=  http://sd.g-art.nl
        U
    



    This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 21:41:08 PDT