水曜日, 10月 27, 2010

【zeroday】Apache2.2Windows版のローカル側DoS問題

Apache w/ Perl@WindowsOSのローカル側DoSが発見されております。
再現コード.plがこちらへダウンロードが出来ます。

# Exploit Title: Apache 2.2 local denail of service windows
# Date: 25/10/2010
# Author: FB1H2S
# Software Link: http://httpd.apache.org/.
# Version: APACHE 2.2.16
# Tested on: wINDOWS xP SERVICE PACK 3
# CVE : N/A
##
##Save the file as .pl in apache cgi-bin and Call this file from your browser and appache will
##crash throwing a debug prompt if configured
## Apache by default is configured with perl and Crash occurs when a perl cgi module tries to
##execute, calling the perl cgi binary from the "c:\\ path" which is an invalid location. Apache ##by default restarts automatically on every crash. Tested on Apache 2.2.16 on windows xp. This bug is only affected on (Apache + perl) windows.
---
ゼロデイ・リサーチチーム
http://0day.jp

0 件のコメント:

コメントを投稿