[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] URGENT: CERT - Apache buffer overrun
- Subject: RE: [cobalt-users] URGENT: CERT - Apache buffer overrun
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Tue Jun 18 09:52:00 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
CJ> Why do you think that "RAQ 3, 4, XTR, and 550 owners"
CJ> are vulnerable to this exploit? As I read the text
CJ> it said Windows OSes and 64 bit *nix systems. Does the
CJ> Raq550 have a 64 bit CPU that I don't know about?
Read CERT advisory. Follow link to
http://httpd.apache.org/info/security_bulletin_20020617.txt
Note paragraph #8. A segfault means Ap will have to fork a new
child. Sounds mildly easy to launch a DoS.
Again, I find it odd that arbitrary code works on 64-bit pointer
(evidently able to trash the first eight bytes of the stack) and
on Win32 (valid pointer arithmetic).
I'm not complaining about the lack of arbitrary code execution
on 32-bit *ix platforms... but I wonder if we have the complete
story.
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.