On Thu, 27 Jun 2002, Paul Dorneanu wrote:

> 1. RH said that Apache should not be a problem:
>
> Our investigations show that this bug cannot be used to gain remote access
> to a server running Apache on Red Hat Linux on 32-bit platforms, but it
> does cause the child process to die. The Apache parent process will
> notice this and start a new child process when necessary -- using more
> resources than normal.
>

Well, run a small test with the exploit that crashes Apache (my colleagues did) put in a for(;;) loop, and you will see that it is not a matter of "eating resources": that Apache simply becomes unusable (and the load also climbs to x hundred, and that on a machine that was doing nothing else, not to mention a production one). So even if it does not get a shell, without the update it is very nasty.

> Investigations by the Apache Software Foundation show that in some cases
> 64-bit platforms may have a greater exposure and could be remotely
> exploited to allow arbitrary code to be run on the server.
>
>
> 2. I don't see the connection with the above
>

I think the person believed that it does not also affect 2.0.x, or that a patch exists only for 2.0.x, or something.

----------------------------
Mihai RUSU
