On Fri, 30 Oct 1998, Ralf S. Engelschall wrote:
> So on a typical system an attacker who gained access to _any_ account (not
> necessarily the UID of the httpd or the gcache process) can simply drop
> down gcache and this way all httpds by just sending garbage to the gcache
> port.
What does gcache do? What does someone gain by being able to gain
access to it? Can they do anything beyond DoS attacks?
> | rse@en1:/e/apache/SSL/SRC/mod_ssl-2.0/pkg.apache/src/modules/ssl
> | :> ./ssl_gcache rse 12346 &
> | [1] 29897
> | [Fri Oct 30 22:35:43 1998] ssl_gcache: started
> | rse@en1:/e/apache/SSL/SRC/mod_ssl-2.0/pkg.apache/src/modules/ssl
> | :> ps -ax | grep ssl_gcache
> | 306 ?? I 0:00.03 ssl_gcache 65534 12345
> | 29897 p0 S 0:00.02 ./ssl_gcache rse 12346
> | rse@en1:/e/apache/SSL/SRC/mod_ssl-2.0/pkg.apache/src/modules/ssl
> | :> echo "hello" | socket en1 12346
> | [Fri Oct 30 22:35:54 1998] ssl_gcache: unexpected connect from 192.76.162.40 - ignored
Actually, Ben's code does the exact same thing in this case. In
your previous example, you connected to localhost.
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/