Re: Apache Exploit
From: Michal Zalewski (lcamtuf@coredump.cx)
Date: 06/21/02
- In reply to: Jefferson Ogata: "Re: Apache Exploit"
Date: Thu, 20 Jun 2002 22:49:49 -0400 (EDT)
From: Michal Zalewski <lcamtuf@coredump.cx>
To: Jefferson Ogata <seclists@antibozo.net>

On Thu, 20 Jun 2002, Jefferson Ogata wrote:
> Seems to me SIGTERM is likely as well, though it may not happen until
> someone reboots the webserver. SIGCHLD is also a possibility if an
> external CGI is involved, no?
Well... I don't think that SIGCHLD can arrive at the same time as the
problematic memcpy() is being executed. I don't think that Apache does
request processing while waiting for a CGI script to finish - at least on
unices, with the multi-process model. SIGTERM or SIGKILL - true. That's a good
point. You can try over and over again, have e.g. 30 child processes
spawned at the same time, it should not be that unlikely to have one of
them hit exactly where you want it on the next reboot / upgrade, even if you
don't know the exact timing.
--
_____________________________________________________
Michal Zalewski [lcamtuf@bos.bindview.com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
http://lcamtuf.coredump.cx/photo/