Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 20 Jun 2002 15:48:23 -0600
From:      "David G . Andersen" <danderse@cs.utah.edu>
To:        Jez Hancock <jez.hancock@munkboxen.mine.nu>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Apache root exploitable?
Message-ID:  <20020620154823.E14099@cs.utah.edu>
In-Reply-To: <20020620215922.A32355@munkboxen.mine.nu>; from jez.hancock@munkboxen.mine.nu on Thu, Jun 20, 2002 at 09:59:22PM %2B0100
References:  <MBBBIOEFHOPIGEHFPADDAEIHCAAA.ghebion@phreaker.net> <20020620154453.L76822-100000@hellfire.hexdump.org> <20020620134143.C14099@cs.utah.edu> <20020620201509.GC56227@madman.nectar.cc> <20020620215922.A32355@munkboxen.mine.nu>
next in thread | previous in thread | raw e-mail | index | archive | help 

Jez Hancock just mooed:
> On Thu, Jun 20, 2002 at 03:15:09PM -0500, Jacques A. Vidrine wrote:
> > David is on the money.  We've yet to confirm that the bug can be
> > exploited for arbitrary code execution, but GOBBLES's post (and
> > se@FreeBSD.org's follow-up) do have us worried still.
> In my experience, it has been confirmed/checked to work on OpenBSD 3.0.
> 
> An associate tested the exploit code submitted by GOBBLES and as it says
> on the tin, it does lead to a buffer overflow in OpenBSD (certainly
> 3.0).

  That's enough confirmation for me, IMHO. :-)

> The exploit header bullsh^H^H^H^H^Hlurb below however is some cause for
> concern, stating that the exploit is indeed applicable to FreeBSD
> 4.3-4.5.  In my experience this is not the case running FreeBSD4.4
> Apache 1.3.20, but perhaps the author of the vulnerability would like to
> comment on this.  I am a mere mortal and do not claim to have ever
> understood the finer details of bof and such. :)

  You're misunderstanding the text in their message.  They claim that
the bug is exploit_able_ on OpenBSD, FreeBSD, Solaris, and Linux -- 
but they say that the exploit they've published is only for OpenBSD.   

  -Dave

-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020620154823.E14099>