From owner-freebsd-security  Thu Jun 20 12:38:55 2002
Delivered-To: freebsd-security@freebsd.org
Received: from hellfire.hexdump.org (h006097e24f05.ne.client2.attbi.com [24.62.157.118])
	by hub.freebsd.org (Postfix) with ESMTP id E95A637B400
	for <freebsd-security@freebsd.org>; Thu, 20 Jun 2002 12:38:48 -0700 (PDT)
Received: from hellfire.hexdump.org (localhost [127.0.0.1])
	by hellfire.hexdump.org (8.12.2/8.12.2) with ESMTP id g5KJjx1T076831
	for <freebsd-security@freebsd.org>; Thu, 20 Jun 2002 15:45:59 -0400 (EDT)
	(envelope-from freebsd@hexdump.org)
Received: from localhost (freebsd@localhost)
	by hellfire.hexdump.org (8.12.2/8.12.2/Submit) with ESMTP id g5KJjwm6076828
	for <freebsd-security@freebsd.org>; Thu, 20 Jun 2002 15:45:59 -0400 (EDT)
Date: Thu, 20 Jun 2002 15:45:58 -0400 (EDT)
From: Jeff Gentry <freebsd@hexdump.org>
To: freebsd-security@freebsd.org
Subject: Apache root exploitable?
In-Reply-To: <MBBBIOEFHOPIGEHFPADDAEIHCAAA.ghebion@phreaker.net>
Message-ID: <20020620154453.L76822-100000@hellfire.hexdump.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I'm a bit confused following all these messages, especially with that
expoit script someone sent out "Apache exploitable?".  Is this thing root
exploitable?  Reading the code sent out in the aforementioned thread it
sounds as if it might be but I was not certain.

Is there a workaround outside of closing off Apache?

Thanks
-J



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message