RE: Apache chunked encoding and Solaris/Sparc
From: Robert Buckley (rbuckley@synapsemail.com)
Date: 06/26/02
- Previous message: Edsel Adap: "Re: Java and buffer overflows"
- Maybe in reply to: Pavel Kankovsky: "Apache chunked encoding and Solaris/Sparc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Robert Buckley <rbuckley@synapsemail.com>
To: 'Pavel Kankovsky' <peak@argo.troja.mff.cuni.cz>, vuln-dev@securityfocus.com
Date: Wed, 26 Jun 2002 12:03:50 -0400
I've tested Gobbles' code against Solaris Sparc Solaris 8
and it kills the child processes, leaving the single process running
as root alive. Connections from clients are still able to be created at this
point.
Running the exploit in brute force mode though, again kills the child procs
at some point.
A steady stream of the running code may cause some disconnects.
It did not appear to be causing a global system DoS.
-----Original Message-----
From: Pavel Kankovsky [mailto:peak@argo.troja.mff.cuni.cz]
Sent: Tuesday, June 25, 2002 5:59 PM
To: vuln-dev@securityfocus.com
Subject: Apache chunked encoding and Solaris/Sparc
Has anyone (besides the omnipotent Gobbles, of course) managed to harm
Apache running on Solaris/Sparc? As far as I can tell, Solaris
implementation of memcpy() does NOTHING when it gets a negative length,
and Solaris read() fails with EINVAL when the length is negative.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
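The question in this thread turns on what happens when a signed, negative length reaches memcpy() or read(), both of which take a size_t count. The following is an added example, not code from the thread or from Apache: it shows how a chunk-size field parsed into a signed int can go negative and slip past a signed clamp, next to a parser that rejects such values. The function names, the sample inputs and the MAX_CHUNK limit are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_CHUNK (1UL << 20)   /* hypothetical per-chunk limit */
static unsigned hexval(int c)   /* c must satisfy isxdigit() */
{
    return (unsigned)(isdigit(c) ? c - '0' : tolower(c) - 'a' + 10);
}

/* Pattern to avoid: no overflow check, result kept in a signed int. Values
 * above INT_MAX come out negative on the usual two's-complement targets. */
static int naive_chunk_size(const char *s)
{
    unsigned int v = 0;
    for (; isxdigit((unsigned char)*s); s++)
        v = (v << 4) | hexval((unsigned char)*s);
    return (int)v;
}

/* A signed "min(len, bufsize)" clamp lets a negative len through unchanged;
 * converted to size_t for memcpy() or read() it becomes a huge count. */
static size_t clamped_copy_len(int len, int bufsize)
{
    return (size_t)(len < bufsize ? len : bufsize);
}

/* Hardened: unsigned accumulator, limit checked after every digit so the
 * value can never wrap. Returns 0 and sets *out, or -1 to reject. */
static int safe_chunk_size(const char *s, size_t *out)
{
    unsigned long v = 0;
    int digits = 0;
    for (; isxdigit((unsigned char)*s); s++, digits++) {
        v = (v << 4) | hexval((unsigned char)*s);
        if (v > MAX_CHUNK) return -1;
    }
    if (digits == 0 || (*s && *s != ';' && *s != '\r')) return -1;
    *out = (size_t)v;
    return 0;
}

int main(void)
{
    size_t n = 0;
    int bad = naive_chunk_size("ffffffff"), rc = safe_chunk_size("ffffffff", &n);
    printf("naive=%d copy_len=%zu safe_rc=%d\n", bad, clamped_copy_len(bad, 4096), rc);
    return 0;
}
```

Whether the oversized count then faults, is ignored or fails with an error depends on the platform's memcpy() and read(), which is why the length has to be rejected at parse time rather than left to the C library.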