On Mon, Sep 23, 2002 at 12:33:04PM -0700, [EMAIL PROTECTED] wrote:
> - -=~=-_-=~=-_-=~=-
> I put PHP in the title so I know this message will reach the "sekur1ty c0mmun1ty",
> that *knows* that PHP is bad, because it's easy to write insecure applications,
> unlike C.
> - -=~=-_-=~=-_-=~=-
> Problem:
> o Apache 2.0 (.39 and .40 tested) on Linuxx0r (and possibly other OS's)
>   will hang on a write to stderr that is larger than the default buffer
>   size (4k on Linux)
> Impact:
> o Local users can cause apache's httpd process to hang
> o Possible new DoS to look for in web apps that write
>   user input to stderr!

*whiny voice* This is a bug in the web applications, and not in Apache. *moan*

// Ulf
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
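
Added example, not part of the original thread and not Apache's code: a generic Python sketch of the condition the quoted report describes, assuming the hang is a child blocking on a full stderr pipe that its parent never reads, next to a parent that drains both pipes. `CHILD`, `spawn`, `run_stdout_only` and `run_drained` are hypothetical names, and the byte counts are constructed.

```python
import subprocess
import sys

# Constructed child process: writes n bytes to stderr, then one line to stdout.
CHILD = (
    "import sys\n"
    "n = int(sys.argv[1])\n"
    "sys.stderr.write('E' * n)\n"
    "sys.stderr.flush()\n"
    "sys.stdout.write('done\\n')\n"
)

def spawn(n):
    """Start the child with stdout and stderr each connected to its own pipe."""
    return subprocess.Popen([sys.executable, "-c", CHILD, str(n)],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)

def run_stdout_only(n, timeout=5.0):
    """Parent that waits for exit and never reads stderr.
    Returns True if the child exited, False if it stalled until the timeout."""
    proc = spawn(n)
    try:
        proc.wait(timeout=timeout)
        return True
    except subprocess.TimeoutExpired:
        proc.kill()   # child never finished: its stderr write could not complete
        proc.wait()
        return False
    finally:
        proc.stdout.close()
        proc.stderr.close()

def run_drained(n, timeout=10.0):
    """Parent that drains stdout and stderr concurrently via communicate()."""
    proc = spawn(n)
    out, err = proc.communicate(timeout=timeout)
    return proc.returncode, out, len(err)

if __name__ == "__main__":
    big = 1 << 20  # constructed size, larger than common default pipe buffers
    print("small write, stderr unread:", run_stdout_only(1024))
    print("large write, stderr unread:", run_stdout_only(big, timeout=2.0))
    print("large write, both drained: ", run_drained(big))
```

The same child that stalls under the first parent completes under the second, which is why the fix for this class of hang belongs in whichever process owns the read end of the pipe.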
