Vulnerability Development mailing list archives

Re: Apache Exploit


From: Jefferson Ogata <seclists () antibozo net>
Date: Thu, 20 Jun 2002 19:14:22 -0400

Michal Zalewski wrote:
> This is not to say that delivering signals is not the way to exploit
> problems like that - conditions that would otherwise lead directly to SEGV
> because of access to non-allocated memory, for example. Quite
> (un)fortunately, there are only two signals that could be perhaps
> delivered to Apache (which, keep in mind, is running as a standalone
> daemon) - SIGPIPE and SIGURG - that is, if they are not ignored and if the
> handler does something interesting, which I'm not so sure about (but
> haven't looked in a while).

Seems to me SIGTERM is likely as well, though it may not happen until someone reboots the webserver. SIGCHLD is also a possibility if an external CGI is involved, no?

--
Jefferson Ogata : Internetworker, Antibozo
<ogata () antibozo net>  http://www.antibozo.net/ogata/
whois: jo317/whois.networksolutions.com
http://www.antibozo.net/ogata/pgp.asc
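
Added example, not part of the original post or of Apache: whether any of the four signals named in this thread is ignored, caught by a handler or left at its default can be read from the SigBlk/SigIgn/SigCgt bitmasks in a running daemon's `/proc/<pid>/status`. It assumes a Linux host and Linux x86/ARM signal numbers; the status text embedded below is a constructed sample.

```python
import re

# Assumption: Linux x86/ARM signal numbers (they differ on other platforms).
SIGNALS = {"SIGPIPE": 13, "SIGTERM": 15, "SIGCHLD": 17, "SIGURG": 23}

# Constructed sample, not captured from a real Apache process.
SAMPLE_STATUS = """\
Name:\thttpd
Pid:\t4242
SigBlk:\t0000000000000000
SigIgn:\t0000000000001000
SigCgt:\t0000000000014000
"""

def parse_masks(status_text):
    """Extract the three signal bitmasks from /proc/<pid>/status text."""
    masks = {}
    for line in status_text.splitlines():
        m = re.match(r"(SigBlk|SigIgn|SigCgt):\s*([0-9a-fA-F]+)$", line.strip())
        if m:
            masks[m.group(1)] = int(m.group(2), 16)
    missing = {"SigBlk", "SigIgn", "SigCgt"} - masks.keys()
    if missing:
        raise ValueError("status text lacks: " + ", ".join(sorted(missing)))
    return masks

def disposition(masks, signum):
    """Signal n is bit n-1 of each mask."""
    bit = 1 << (signum - 1)
    if masks["SigCgt"] & bit:
        state = "caught"       # a handler is installed: its code is what matters
    elif masks["SigIgn"] & bit:
        state = "ignored"
    else:
        state = "default"      # kernel default action (for SIGURG: discard)
    if masks["SigBlk"] & bit:
        state += "+blocked"
    return state

def audit(status_text):
    masks = parse_masks(status_text)
    return {name: disposition(masks, num) for name, num in SIGNALS.items()}

def handlers_to_review(status_text):
    """Signals with a handler installed, i.e. handlers to check for async-signal safety."""
    return sorted(n for n, s in audit(status_text).items() if s.startswith("caught"))

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_STATUS
    for name, state in audit(text).items():
        print(f"{name:8} {state}")
```

Run it with a path such as `/proc/<pid>/status` as the only argument to audit a live process instead of the sample.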

