From owner-freebsd-security  Thu Jun 20 13:15:18 2002
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153])
	by hub.freebsd.org (Postfix) with ESMTP id 58BA237B408
	for <freebsd-security@FreeBSD.ORG>; Thu, 20 Jun 2002 13:15:11 -0700 (PDT)
Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111])
	by gw.nectar.cc (Postfix) with ESMTP
	id B3192D; Thu, 20 Jun 2002 15:15:10 -0500 (CDT)
Received: from madman.nectar.cc (localhost [IPv6:::1])
	by madman.nectar.cc (8.12.3/8.12.3) with ESMTP id g5KKFAJI056321;
	Thu, 20 Jun 2002 15:15:10 -0500 (CDT)
	(envelope-from nectar@madman.nectar.cc)
Received: (from nectar@localhost)
	by madman.nectar.cc (8.12.3/8.12.3/Submit) id g5KKF9Gs056320;
	Thu, 20 Jun 2002 15:15:09 -0500 (CDT)
Date: Thu, 20 Jun 2002 15:15:09 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.ORG>
To: "David G . Andersen" <danderse@cs.utah.edu>
Cc: Jeff Gentry <freebsd@hexdump.org>, freebsd-security@FreeBSD.ORG
Subject: Re: Apache root exploitable?
Message-ID: <20020620201509.GC56227@madman.nectar.cc>
Mail-Followup-To: "Jacques A. Vidrine" <nectar@FreeBSD.org>,
	"David G . Andersen" <danderse@cs.utah.edu>,
	Jeff Gentry <freebsd@hexdump.org>, freebsd-security@FreeBSD.ORG
References: <MBBBIOEFHOPIGEHFPADDAEIHCAAA.ghebion@phreaker.net> <20020620154453.L76822-100000@hellfire.hexdump.org> <20020620134143.C14099@cs.utah.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020620134143.C14099@cs.utah.edu>
User-Agent: Mutt/1.3.99i
X-Url: http://www.nectar.cc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, Jun 20, 2002 at 01:41:43PM -0600, David G . Andersen wrote:
> 
>   It's not _root_ exploitable unless you run Apache as root.
> 
>   If you do that, you're asking for it anyway.
> 
>   It may or may not be remotely exploitable.  It looks a lot more
> exploitable than it did a few days ago. :)

David is on the money.  We've yet to confirm that the bug can be
exploited for arbitrary code execution, but GOBBLES's post (and
se@FreeBSD.org's follow-up) do have us worried still.

Assume that it can be exploited, and upgrade as soon as you can.

After all, even if it is `only' a DoS, it will probably get hit a
lot once someone writes a Code Red-like worm for the Win32 version.
History tells us that such worms don't bother to check the operating
system or version that is running before attacking, and I would expect
apache < 1.3.26 servers to experience a lot of downtime as a result.
:-)


Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message