Message-ID: <Pine.LNX.4.44.0310150221380.12928-100000@redsky.localdomain>
From: zen-parse at gmx.net (zen-parse)
Subject: Mod-Throttle [was: client attacks server - XSS]

That reminds me...

From http://www.snert.com/Software/mod_throttle/

...
Elements of the critical & shared memory code, as of mod_throttle/3.0, 
originally derived from the Apache Web Server source code. 
...

The elements of the shared memory code that were used were the same
elements that were buggy in Apache <= 1.3.26.

The outcome though is worse.

A local root exploit is possible if you gain access to the user apache
is running as, due to the module storing pointers in shared memory,
and a data file being writable by the same user.

(Yes, local root from apache is possible because of the shutdown/startup
stuff that is done by the parent process, which runs as root.)

Without the apache scoreboard bug, this is slightly harder to exploit,
as it requires getting the httpd to do a reload config, which used to be
possible via sending the SIGUSR1 to it.

Author was contacted 26 Jan 2002 and apparently he still hasn't got around 
to releasing version 4.0 which was going to fix the problem. 


-- zen-parse

-- 
-------------------------------------------------------------------------
1) If this message was posted to a public forum by zen-parse@....net, it 
may be redistributed without modification. 
2) In any other case the contents of this message is confidential and not 
to be distributed in any form without express permission from the author.
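
The root cause named in the message, pointers kept in shared memory that the unprivileged user can write and that the root parent later uses, is usually avoided by storing indices instead and validating them in the privileged process. The following is an added sketch of that pattern, not code from mod_throttle or Apache; the struct layout and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_RECORDS 64u
#define NIL UINT32_MAX                 /* end-of-list marker */

/* Hypothetical segment shared with less-privileged worker processes. */
struct record  { uint32_t next; uint32_t hits; };   /* next is an index, never a pointer */
struct segment {
    uint32_t count;                    /* records in use */
    uint32_t head;                     /* index of first record, or NIL */
    struct record rec[MAX_RECORDS];
};

/* Privileged side: every field is untrusted. Snapshot the segment so a
 * concurrent writer cannot change a value between check and use, then
 * bounds-check each index and cap the steps so a cycle cannot loop forever.
 * Returns the sum of hits, or -1 if the segment is malformed. */
int64_t sum_hits_checked(const struct segment *shared)
{
    struct segment snap;
    memcpy(&snap, shared, sizeof snap);
    if (snap.count > MAX_RECORDS)
        return -1;

    int64_t total = 0;
    uint32_t idx = snap.head, steps = 0;
    while (idx != NIL) {
        if (idx >= snap.count || ++steps > snap.count)
            return -1;                 /* out of range, or list longer than count */
        total += snap.rec[idx].hits;
        idx = snap.rec[idx].next;
    }
    return total;
}

/* Constructed sample data: three linked records with 10, 20 and 30 hits. */
void make_sample(struct segment *s)
{
    memset(s, 0, sizeof *s);
    s->count = 3;
    s->head = 0;
    s->rec[0] = (struct record){ 1, 10 };
    s->rec[1] = (struct record){ 2, 20 };
    s->rec[2] = (struct record){ NIL, 30 };
}

int main(void)
{
    struct segment s;
    make_sample(&s);
    printf("valid: %lld\n", (long long)sum_hits_checked(&s));
    s.rec[1].next = 1000;              /* tampered index */
    printf("tampered: %lld\n", (long long)sum_hits_checked(&s));
    return 0;
}
```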