[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] PHP dlopen() -> Fun with apache (and other

To: Stefan Esser <s.esser@e-matters.de>, <andrewg@felinemenace.org>
Subject: Re: [Full-Disclosure] PHP dlopen() -> Fun with apache (and other
From: "Andreas Gietl" <a.gietl@e-admin.de>
Date: Wed, 13 Aug 2003 13:47:58 +0200

Stefan Esser <s.esser@e-matters.de> wrote:

> Hello,
> 
> well you describe nothing more than the documented functionality
> of the dlopen() call. 

Yes of course. But this advisory should sharpen admins-mind to the threats the
dl()-function confronts us with. Administrators migth think that these newly
loaded modules are "contained" or otherwise protected.

> You can also have a lot of fun with loading
> linux kernel modules if your admin allows users to load kernel moduels.
> And stealing SSL private key from apache memory is not really a
> challenge... You only need to search for some signature in memory 
> and "steal" the next few byte behind it.
> 
> Stefan Esser

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] PHP dlopen() -> Fun with apache (and other
  - From: andrewg@felinemenace.org
- Re: [Full-Disclosure] PHP dlopen() -> Fun with apache (and other
  - From: Stefan Esser <s.esser@e-matters.de>

Prev by Date: [Full-Disclosure] windowsupdate.com
Next by Date: RE: [Full-Disclosure] MSBlast DDoS
Prev by thread: Re: [Full-Disclosure] PHP dlopen() -> Fun with apache (and other
Next by thread: RE: [Full-Disclosure] Blaster: will it spread without tftp?
Index(es):
- Date
- Thread