Vulnerability Development mailing list archives
Re: Re[2]: Apache Exploit
From: SpaceWalker <spacewalker () altern org>
Date: Fri, 21 Jun 2002 01:29:24 +0200
I took a look, and I was unable to send either of those two signals to Apache during the faulty memcpy().

On Thu, 20 Jun 2002 18:40:55 -0400 (EDT) Michal Zalewski <lcamtuf () coredump cx> wrote:
...
This is not to say that delivering signals is not the way to exploit problems like that - conditions that would otherwise lead directly to SEGV because of access to non-allocated memory, for example. Quite (un)fortunately, there are only two signals that could be perhaps delivered to Apache (which, keep in mind, is running as a standalone daemon) - SIGPIPE and SIGURG - that is, if they are not ignored and if the handler does something interesting, which I'm not so sure about (but haven't looked in a while).

--
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
http://lcamtuf.coredump.cx/photo/
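The quoted condition ("if they are not ignored and if the handler does something interesting") can be checked on a running Linux daemon by decoding the SigIgn and SigCgt masks in /proc/<pid>/status. The following is an added example, not code from either poster or from Apache; the sample status text is constructed, and the function names are hypothetical.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum disp { DISP_DEFAULT, DISP_IGNORED, DISP_CAUGHT };

/* Constructed sample in /proc/<pid>/status format (not from a real server). */
static const char SAMPLE_STATUS[] =
    "Name:\thttpd\n"
    "SigBlk:\t0000000000000000\n"
    "SigIgn:\t0000000000001000\n"   /* bit 12 -> signal 13 */
    "SigCgt:\t0000000000404001\n";  /* bits 0, 14, 22 -> signals 1, 15, 23 */

/* Read the hex mask that follows `field` (e.g. "SigIgn:") in the status text. */
static unsigned long long mask_of(const char *status, const char *field)
{
    const char *p = strstr(status, field);
    return p ? strtoull(p + strlen(field), NULL, 16) : 0;
}

/* Bit n-1 of each mask describes signal n. DISP_DEFAULT means no handler is
 * installed: the kernel default applies (terminate for SIGPIPE, discard for SIGURG). */
enum disp signal_disposition(const char *status, int signo)
{
    unsigned long long bit = 1ULL << (signo - 1);
    if (mask_of(status, "SigIgn:") & bit) return DISP_IGNORED;
    if (mask_of(status, "SigCgt:") & bit) return DISP_CAUGHT;
    return DISP_DEFAULT;
}

int main(int argc, char **argv)
{
    static char buf[8192];
    static const char *names[] = { "default", "ignored", "caught" };
    const char *status = SAMPLE_STATUS;
    if (argc > 1) {                 /* pass /proc/<pid>/status to audit a live process */
        FILE *f = fopen(argv[1], "r");
        if (!f) { perror(argv[1]); return 1; }
        buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
        fclose(f);
        status = buf;
    }
    printf("SIGPIPE: %s\n", names[signal_disposition(status, SIGPIPE)]);
    printf("SIGURG:  %s\n", names[signal_disposition(status, SIGURG)]);
    return 0;
}
```

A signal reported as "caught" is the case that needs review: the handler's code then has to be read for anything that is unsafe to run while the process is in the middle of a copy.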