tomcat-users mailing list archives

From "Nikola Milutinovic" <>
Date Wed, 19 Jun 2002 05:38:49 GMT
> > It sounds to me like the only people who need to worry are those who run the 
> > affected versions on Windows * and on 64 bit systems.  For most of us who run 
> > on 32 bit systems on Linux/*BSD/Unix, we don't need to worry, right?
> Not exactly. The bug has been reproduced on Windows and some 64-bit UNIX platforms.
> It doesn't mean that it doesn't exist on 32-bit UNIX versions. It could be so, but until
> we hear from guys at RedHat and other Linux distros, we will not know for sure.
> Anyway, a buffer overflow always adds a question mark, so until there is a new Apache
> release, be on the lookout.

I've just re-read Apache's explanation:

In Apache 1.3 the issue causes a stack overflow.  Due to the nature of the
overflow on 32-bit Unix platforms this will cause a segmentation violation
and the child will terminate.  However on 64-bit platforms the overflow
can be controlled and so for platforms that store return addresses on the
stack it is likely that it is further exploitable. This could allow
arbitrary code to be run on the server as the user the Apache children are
set to run as.  We have been made aware that Apache 1.3 on Windows is
exploitable in a similar way as well.

Luckily, I'm running 2.0.36 (on a 64-bit platform), so the worst thing would be a denial of
service. Since it is on the intranet, should I see signs of Apache dying, somebody better
be dead >:-)

