Re: Re[2]: Apache Exploit
From: SpaceWalker (spacewalker@altern.org)
Date: 06/21/02
- Previous message: Jefferson Ogata: "Re: Apache Exploit"
- In reply to: Michal Zalewski: "Re[2]: Apache Exploit"
- Next in thread: Ben Laurie: "Re: Apache Exploit"
- Next in thread: Stefan Esser: "Re: Apache Exploit"
Date: Fri, 21 Jun 2002 01:29:24 +0200
From: SpaceWalker <spacewalker@altern.org>
To: Michal Zalewski <lcamtuf@coredump.cx>
I took a look, and I was unable to send either of those two signals to Apache during the faulty memcpy().
On Thu, 20 Jun 2002 18:40:55 -0400 (EDT)
Michal Zalewski <lcamtuf@coredump.cx> wrote:
...
> This is not to say that delivering signals is not the way to exploit
> problems like that - conditions that would otherwise lead directly to SEGV
> because of access to non-allocated memory, for example. Quite
> (un)fortunately, there are only two signals that could be perhaps
> delivered to Apache (which, keep in mind, is running as a standalone
> daemon) - SIGPIPE and SIGURG - that is, if they are not ignored and if the
> handler does something interesting, which I'm not so sure about (but
> haven't looked in a while).
>
> --
> _____________________________________________________
> Michal Zalewski [lcamtuf@bos.bindview.com] [security]
> [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
> =-=> Did you know that clones never use mirrors? <=-=
> http://lcamtuf.coredump.cx/photo/
>
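The condition raised in the quoted message (whether SIGPIPE and SIGURG are ignored or have a handler installed) can be checked on a running Linux daemon from the signal masks in /proc/<pid>/status. The following is an added example, not part of the original posts; the sample status text is constructed, and the function names are illustrative.

```python
import sys

# Signal numbers as used on Linux x86 and ARM; /proc masks are indexed by them.
LINUX_SIGNALS = {"SIGPIPE": 13, "SIGURG": 23}
FIELDS = ("SigBlk", "SigIgn", "SigCgt")

# Constructed sample of /proc/<pid>/status lines (values made up, not from a
# real httpd): SIGPIPE ignored; SIGHUP, SIGTERM and SIGURG caught.
SAMPLE_STATUS = (
    "Name:\thttpd\n"
    "SigBlk:\t0000000000000000\n"
    "SigIgn:\t0000000000001000\n"
    "SigCgt:\t0000000000404001\n"
)


def parse_masks(status_text):
    """Extract the blocked/ignored/caught bitmasks as integers."""
    masks = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key in FIELDS:
            masks[key] = int(value.strip(), 16)
    missing = [f for f in FIELDS if f not in masks]
    if missing:
        raise ValueError("status text lacks " + ", ".join(missing))
    return masks


def disposition(masks, signum):
    """Classify one signal; bit (signum - 1) of each mask belongs to it."""
    bit = 1 << (signum - 1)
    if masks["SigIgn"] & bit:
        state = "ignored"
    elif masks["SigCgt"] & bit:
        state = "caught"  # a handler runs: the case that needs code review
    else:
        state = "default"  # kernel default: SIGPIPE terminates, SIGURG is dropped
    return state + " (blocked)" if masks["SigBlk"] & bit else state


def audit(status_text):
    """Return the disposition of each watched signal, keyed by name."""
    masks = parse_masks(status_text)
    return {name: disposition(masks, num) for name, num in LINUX_SIGNALS.items()}


if __name__ == "__main__":
    # Usage: script.py [pid]; without a pid the constructed sample is audited.
    text = open(f"/proc/{sys.argv[1]}/status").read() if len(sys.argv) > 1 else SAMPLE_STATUS
    for name, state in audit(text).items():
        print(f"{name}: {state}")
```

A signal reported as "caught" is the one whose handler code is worth reviewing for async-signal-safety; "ignored" means delivery has no effect on the process.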