| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: zen-parse at gmx.net (zen-parse) Subject: Mod-Throttle [was: client attacks server - XSS] That reminds me... >From http://www.snert.com/Software/mod_throttle/ ... Elements of the critical & shared memory code, as of mod_throttle/3.0, originally derived from the Apache Web Server source code. ... The elements of the shared memory code that were used were the same elements that were buggy in Apache <= 1.3.26. The outcome though is worse. A local root exploit is possible if you gain access to the user apache is running as, due to the module storing pointers in shared memory, and a data file being writable by the same user. (Yes, local root from apache is possible because the shutdown/startup stuff that is done by the parent process, which runs as root.) Without the apache scoreboard bug, this is slightly harder to exploit, as it requires getting the httpd to do a reload config, which used to be possible via sending the SIGUSR1 to it. Author was contacted 26 Jan 2002 and apparently he still hasn't got around to releasing version 4.0 which was going to fix the problem. -- zen-parse -- ------------------------------------------------------------------------- 1) If this message was posted to a public forum by zen-parse@....net, it may be redistributed without modification. 2) In any other case the contents of this message is confidential and not to be distributed in any form without express permission from the author.
Powered by blists - more mailing lists