Vulnerability Development mailing list archives
Re: Apache Exploit
From: Stefan Esser <sesser () php net>
Date: Thu, 20 Jun 2002 18:26:30 +0200
On Thu, Jun 20, 2002 at 08:12:54PM +0400, 3APA3A wrote:
> Do not say bsd. At least FreeBSD doesn't use supplied parameters in main
> loop. It copies supplied parameters to register variables
>
>     register char *dst = dst0;
>     register const char *src = src0;
>     register size_t t;
>
> before starting this loop and never back to original values. It makes it
> impossible to exploit this vulnerability in a way you described.
Sorry, but the code was directly taken from FreeBSD cvs. You can look as long as you want into the generic bcopy.c file. For x86 you must look at the assembler implementation. And this is what runs on x86. Besides that, I tested this on FreeBSD and it worked like a charm.

Stefan Esser - e-matters Security