Vulnerability Development mailing list archives

Re: Another flaw in Apache?


From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sat, 22 Jun 2002 15:38:48 -0400 (EDT)

On Sat, 22 Jun 2002, Jedi/Sector One wrote:

> SetEnv DATE_LOCALE "******************************************..."

While this apparently is not an issue with "AllowOverride none" (I think
that's the default configuration for user-writable directories), and
typically, having different, execution-related AllowOverride settings
means you are a more or less trusted user who most likely can execute code
with the Apache UID, there are still some interesting consequences of
exploiting a buffer overflow in the child process - for example, getting
write access to logs. Probably worth investigating.

-- 
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/

