[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Re:Apache Chunked Vulnerability and Cobalt servers
- Subject: Re: [cobalt-users] Re:Apache Chunked Vulnerability and Cobalt servers
- From: "E.B. Dreger" <eddy+public+spam@xxxxxxxxxxxxxxxxx>
- Date: Fri Jun 21 15:39:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
BT> Date: Fri, 21 Jun 2002 14:54:29 -0700
BT> From: Bruce Timberlake
BT> It was for the off-topic stuff. Sorry, thought I'd sent a
BT> clarification email out at some later date...
I might well have missed it.
As long as the original was okay...
My concern with the buffer overrun was that there might be some
way to prevent the segfault. Again, I'm not as intimately
familiar with some (many) parts of Apache as I'd like to be, but
I wondered if one could trash "enough" of the buffer to cause
trouble _before_ segfaulting.
Although it only allows one to gain Ap-user permissions,
arbitrary code execution allows one to hunt for local exploits.
This is also a big reason why suexec/cgiwrap should not be
allowed to run things as root.
One interesting thing about exploits is that they help people
program more defensively...
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@xxxxxxxxx>
To: blacklist@xxxxxxxxx
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@xxxxxxxxx>, or you are likely to
be blocked.