[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hijacking Apache 2 via mod_perl

To: Steve Grubb <linux_4ever@yahoo.com>
Subject: Re: Hijacking Apache 2 via mod_perl
From: Ben Laurie <ben@algroup.co.uk>
Date: Thu, 22 Jan 2004 15:53:01 +0000

Steve Grubb wrote:

Product: mod_perl Versions: 1.99_09 / apache 2.0.47 URL: http://perl.apache.org Impact: Daemon Hijacking Bug class: Leaked Descriptor Vendor notified: Yes Fix available: No Date: 01/21/04 Issue: ====== Mod_perl under apache 2.0.x leaks critical file descriptors that can be used to takeover (hijack) the http and https services.

This is not a leak - mod_perl is a module that is compiled into Apache, and hence has access to all its resources (including memory). If you want to run untrusted Perl, then don't use mod_perl.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Follow-Ups:
- Re[2]: Hijacking Apache 2 via mod_perl
  - From: 3APA3A <3APA3A@SECURITY.NNOV.RU>

References:
- Hijacking Apache 2 via mod_perl
  - From: Steve Grubb <linux_4ever@yahoo.com>

Prev by Date: Re: [SuSE 9.0] possible symlink attacks in some scripts
Next by Date: TBE - the banner engine server-side script execution vulnerability
Previous by thread: Hijacking Apache 2 via mod_perl
Next by thread: Re[2]: Hijacking Apache 2 via mod_perl
Index(es):
- Date
- Thread