Vulnerability Development mailing list archives
Re: Apache Exploit
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Thu, 20 Jun 2002 22:49:49 -0400 (EDT)
On Thu, 20 Jun 2002, Jefferson Ogata wrote:
> Seems to me SIGTERM is likely as well, though it may not happen until someone reboots the webserver. SIGCHLD is also a possibility if an external CGI is involved, no?

Well... I don't think that SIGCHLD can arrive at the same time as the problematic memcpy() is being executed. I don't think that Apache does request processing while waiting for a CGI script to finish - at least on unices, with the multi-process model.

SIGTERM or SIGKILL - true. That's a good point. You can try over and over again, have e.g. 30 child processes spawned at the same time; it should not be that unlikely to have one of them hit exactly where you want it on the next reboot / upgrade, even if you don't know the exact timing.

--
_____________________________________________________
Michal Zalewski [lcamtuf () bos bindview com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
http://lcamtuf.coredump.cx/photo/