Vulnerability Development mailing list archives
Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server
From: KF <dotslash () snosoft com>
Date: Wed, 19 Jun 2002 05:06:01 -0400
Just so that you guys can physically see what I am talking about ... here are some snippets from 2 separate boxes... they both handled it differently... This may help in determining how exploitable this may or may not be. I will be testing on a TRU64 and SunOS box tonight ... I will let you know how it goes.
[080706f7] select(4, 0xbffff5f0, 0, 0, 0xbffff678) = 1
[08070725] read(3, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"..., 512) = 512
[080706f7] select(4, 0xbffff5f0, 0, 0, 0xbffff678) = 1
[08070725] read(3, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"..., 512) = 403
[080706f7] select(4, 0xbffff5f0, 0, 0, 0xbffff678) = 1
[08070725] read(3, "", 512) = 0
[080634a6] close(3) = 0
[080634b3] __errno_location() = 0x401adb80
[080634dc] __errno_location() = 0x401adb80
[08086734] sigemptyset(0xbffff7f4, 0x41414141, 0x41414141, 0x41414141,0x41414141) = 0
[08086760] sigaction(10, 0xbffff7f0, 0xbffff760, 0x41414141, 0x41414141) = 0

and this guy used x's instead of A's
>close(5) = 0
>__errno_location() = 0x401fee60
>sigemptyset(0xbffff934, 0x78787878, 0x78787878, 0x78787878, 0x0808c9ac) = 0
>sigaction(10, 0xbffff930, 0xbffff8a4, 0x08069bcc, 0xbffff934) = 0
>waitpid(7651, 0, 1, 0, 0x0808c984) = 7651
>accept(18, 0xbffff9ec, 0xbffff9e8, 0x0805c67b, 0 <unfinished ...>
>
>so sigaction is not touched (yet).
-KF