On Fri, Jun 21, 2002 at 05:31:00AM -0700, Ask Bjoern Hansen wrote:
> On Wed, 19 Jun 2002, dreamwvr wrote:
>
> > "my comments FWIW"
> > This means thus far does not impact as_seriously little endian NIX
> > based architectures. The reason being? That Apache spawns a pool of
> > child processes to serve requests. Therefore a DoS kills the child serving
> [...]
>
> This doesn't make much sense at all.

To elaborate this opinion was based on the conclusions of one of the
advisories ..

> 64bit binaries are exploitable. There are also exploits for several
> 32bit systems.

well I did not say that x86 was not exploitable. However nix based archs
were more difficult. This due to spawning ps rather than as windows and
novell using a single process and many threads. That was directly from an
advisory.. actually. && in reference to the SEGVs .. directly.

> If done "right" these will give the attacker shell access to the
> server. Your comments about threaded vs "multi processed" are only
> relevant when the exploit is not "done right" (when the server
> SEGVs).

True; ( && that is what exactly I was referring to.. :) well any exploit
"if_done_right" can expand into a full blown remote exploit for example.
Once someone is local then basically it is only a matter of time. IMHO.
OR if you like sooner or later.

Best Regards,
[EMAIL PROTECTED]
--
/* Security is a work in progress - dreamwvr */
# # Note: To begin Journey type man afterboot,man help,man hier[.]
# // "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \? ;-]