Vulnerability Development mailing list archives

Re: Another flaw in Apache?

From: Jedi/Sector One <j () pureftpd org>
Date: Sun, 23 Jun 2002 23:02:34 +0200

On Sun, Jun 23, 2002 at 07:31:56PM +0400, Alexander Yurchenko wrote:

Not only kill. Sending SIGSTOP to all child processes causes web server
to stop response to incoming requests at all. Nice DoS ;-)


  All descriptors to all log files (not only those associated with requested
virtual host) are also passed to children.

  I was successfully able to add fake entries to every log file.
  
  Very funny when you are on a colocated server. Reading log files is
probably as easy.
  
-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j () 42-Networks Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/";> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/";> Misc. free software </a>  \/

Current thread:

Re: Another flaw in Apache?, (continued)
- Re: Another flaw in Apache? Michal Zalewski (Jun 22)
  - Re: Another flaw in Apache? Jedi/Sector One (Jun 22)
- Re: Another flaw in Apache? Alexander Yurchenko (Jun 22)
  - RE: Another flaw in Apache? Ryan Sweat (Jun 22)
  - Re: Another flaw in Apache? Michal Zalewski (Jun 22)
    - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
    - Re: Another flaw in Apache? Filipe Jorge Marques de Almeida (Jun 23)
    - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
    - Message not available
    - Re: Another flaw in Apache? Filipe Almeida (Jun 23)
    - Re: Another flaw in Apache? Alexander Yurchenko (Jun 23)
    - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
    - Re: Another flaw in Apache? Michal Zalewski (Jun 23)
    - Re: Another flaw in Apache? Michal Zalewski (Jun 23)
    - Re: Another flaw in Apache? sd (Jun 26)
  - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
  - Re: Another flaw in Apache? Jedi/Sector One (Jun 23)
- Re: Another flaw in Apache? Pavel Kankovsky (Jun 23)