Vulnerability Development mailing list archives
Re: Apache Exploit
From: Jefferson Ogata <seclists () antibozo net>
Date: Thu, 20 Jun 2002 19:14:22 -0400
Michal Zalewski wrote:
This is not to say that delivering signals is not the way to exploit problems like that - conditions that would otherwise lead directly to SEGV because of access to non-allocated memory, for example. Quite (un)fortunately, there are only two signals that could be perhaps delivered to Apache (which, keep in mind, is running as a standalone daemon) - SIGPIPE and SIGURG - that is, if they are not ignored and if the handler does something interesting, which I'm not so sure about (but haven't looked in a while).
Seems to me SIGTERM is likely as well, though it may not happen until someone reboots the webserver. SIGCHLD is also a possibility if an external CGI is involved, no?
-- Jefferson Ogata : Internetworker, Antibozo <ogata () antibozo net> http://www.antibozo.net/ogata/ whois: jo317/whois.networksolutions.com http://www.antibozo.net/ogata/pgp.asc
Current thread:
- Re: Apache Exploit, (continued)
- Message not available
- Re: Apache Exploit Randy Taylor (Jun 21)
- Re: Apache Exploit David Bernick (Jun 21)
- Re: Apache Exploit T0aD (Jun 22)
- Re: Apache Exploit Alex Balayan (Jun 23)
- Re: Apache Exploit Randy Taylor (Jun 24)
- Re[2]: Apache Exploit dullien (Jun 26)
- Re: Apache Exploit Stefan Esser (Jun 20)
- Re[2]: Apache Exploit dullien (Jun 20)
- Re[2]: Apache Exploit Michal Zalewski (Jun 20)
- Re: Apache Exploit Jefferson Ogata (Jun 20)
- Re: Apache Exploit Michal Zalewski (Jun 21)
- Re: Re[2]: Apache Exploit SpaceWalker (Jun 20)
- Re: Apache Exploit Stefan Esser (Jun 21)
- Re: Apache Exploit Ben Laurie (Jun 26)