Mailinglist Archive: opensuse-security (499 mails)

Re: [suse-security] Apache update
  • From: Martin Borchert <martin.borchert@xxxxxx>
  • Date: Wed, 19 Jun 2002 10:57:39 +0200
  • Message-id: <200206191057.42217@xxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ts wrote:

> There is an issue with apache, corroborated by the apache guys,
> with a story at /.

I have some problems evaluating this bug.

- --http://httpd.apache.org/info/security_bulletin_20020617.txt--
In Apache 1.3 the issue causes a stack overflow. Due to the nature
of the overflow on 32-bit Unix platforms this will cause a
segmentation violation and the child will terminate. However on
64-bit platforms the overflow can be controlled and so for
platforms that store return addresses on the stack it is likely
that it is further exploitable. This could allow arbitrary code to
be run on the server as the user the Apache children are set to run
as. We have been made aware that Apache 1.3 on Windows is
exploitable in a similar way as well.
- --------------------------------------------------------------------

So I guess when running Apache on some x86-type processor and
Linux or BSD as OS, all that can happen is a DoS. Right?
If so, how severe is this DoS? How long does it take for httpd to
fork a new child under normal conditions (moderate load, plenty of
RAM, dual PIII 800)?

Martin Borchert

- --
when in danger or in doubt, run in circles, scream and shout!
pgp-key: via wwwkeys.de.pgp.net, key id is 0x21eec9b0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9EEeGLpdxqCHuybARAkNzAKCb8ONRoimecQOJBIm/cS6r0PtUPQCgxtcL
6hqrmoT5bTtYV/n8yJRk2dk=
=vXiW
-----END PGP SIGNATURE-----

