[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] URGENT: CERT - Apache buffer overrun

Subject: RE: [cobalt-users] URGENT: CERT - Apache buffer overrun
From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
Date: Tue Jun 18 10:29:04 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

I reread the advisory just now, when more awake.

It looks like the bounds checking method is erroneous.  However,
there evidently is no way to say "stop here" before totally
blowing away the end of the stack segment.  Segfault, process
dies, must fork a new child, no chance for arbitrary code
execution.

Note that 1000 malicious packets per second are sent easily via
T1 line, and I think 1000 die-then-fork per second would have an
impact on a Cobalt.  If nothing else, the log entries would chew
time and bang away on the poor little logging spool.

I'm not as intimate with that part of Ap as I might like to be.
I just hope that any network read timeout handler doesn't depend
on that portion of the stack...

Maybe this isn't "urgent" for Cobalts, but I still think it's
quite significant -- especially considering the Ap dependency of
most Cobalt users.  Time will tell, I suppose.


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

References:
- RE: [cobalt-users] URGENT: CERT - Apache buffer overrun
  - From: E.B. Dreger

Prev by Date: RE: RE: [cobalt-users] RaQ4 - moving sites between raq's
Next by Date: RE: [cobalt-users] [RaQ4] Mail Spool
Previous by thread: Re: [cobalt-users] URGENT: CERT - Apache buffer overrun
Next by thread: Re: [cobalt-users] RaQ3 - Named Weirdness

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index