From owner-freebsd-security  Thu Jun 20 12:42:16 2002
Delivered-To: freebsd-security@freebsd.org
Received: from wrath.cs.utah.edu (wrath.cs.utah.edu [155.99.198.100])
	by hub.freebsd.org (Postfix) with ESMTP id 0F33537B40F
	for <freebsd-security@FreeBSD.ORG>; Thu, 20 Jun 2002 12:41:45 -0700 (PDT)
Received: from famine.cs.utah.edu (famine.cs.utah.edu [155.99.198.114])
	by wrath.cs.utah.edu (8.11.6/8.11.6) with ESMTP id g5KJfh104908;
	Thu, 20 Jun 2002 13:41:44 -0600 (MDT)
Received: by famine.cs.utah.edu (Postfix, from userid 2146)
	id 8E88A23A7A; Thu, 20 Jun 2002 13:41:43 -0600 (MDT)
Date: Thu, 20 Jun 2002 13:41:43 -0600
From: "David G . Andersen" <danderse@cs.utah.edu>
To: Jeff Gentry <freebsd@hexdump.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Apache root exploitable?
Message-ID: <20020620134143.C14099@cs.utah.edu>
References: <MBBBIOEFHOPIGEHFPADDAEIHCAAA.ghebion@phreaker.net> <20020620154453.L76822-100000@hellfire.hexdump.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <20020620154453.L76822-100000@hellfire.hexdump.org>; from freebsd@hexdump.org on Thu, Jun 20, 2002 at 03:45:58PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Jeff Gentry just mooed:
> I'm a bit confused following all these messages, especially with that
> expoit script someone sent out "Apache exploitable?".  Is this thing root
> exploitable?  Reading the code sent out in the aforementioned thread it
> sounds as if it might be but I was not certain.

  It's not _root_ exploitable unless you run Apache as root.

  If you do that, you're asking for it anyway.

  It may or may not be remotely exploitable.  It looks a lot more
exploitable than it did a few days ago. :)  Regardless, you should:

> Is there a workaround outside of closing off Apache?

  Upgrade to 1.3.26 or 2.0.39.

  -Dave

-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message