From owner-freebsd-security Thu Jun 20 13:28:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from alive.znep.com (sense-sea-MegaSub-1-448.oz.net [216.39.145.194]) by hub.freebsd.org (Postfix) with ESMTP id 10AAE37B407; Thu, 20 Jun 2002 13:28:20 -0700 (PDT) Received: from localhost (marcs@localhost) by alive.znep.com (8.9.3/8.9.3) with ESMTP id NAA53662; Thu, 20 Jun 2002 13:28:19 -0700 (PDT) (envelope-from marcs@znep.com) Date: Thu, 20 Jun 2002 13:28:18 -0700 (PDT) From: Marc Slemko To: "Jacques A. Vidrine" Cc: freebsd-security@FreeBSD.ORG Subject: Re: Apache root exploitable? In-Reply-To: <20020620201509.GC56227@madman.nectar.cc> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 20 Jun 2002, Jacques A. Vidrine wrote: > On Thu, Jun 20, 2002 at 01:41:43PM -0600, David G . Andersen wrote: > > > > It's not _root_ exploitable unless you run Apache as root. > > > > If you do that, you're asking for it anyway. > > > > It may or may not be remotely exploitable. It looks a lot more > > exploitable than it did a few days ago. :) > > David is on the money. We've yet to confirm that the bug can be > exploited for arbitrary code execution, but GOBBLES's post (and > se@FreeBSD.org's follow-up) do have us worried still. Yes, I have every reason to think it is exploitable for remote code execution. > After all, even if it is `only' a DoS, it will probably get hit a > lot once someone writes a Code Red-like worm for the Win32 version. > History tells us that such worms don't bother to check the operating > system or version that is running before attacking, and I would expect > apache < 1.3.26 servers to experience a lot of downtime as a result. > :-) It isn't a very serious DoS though. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message