Full Disclosure: Re: PHP dlopen() -> Fun with apache (and other

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: PHP dlopen() -> Fun with apache (and other

From: "Andreas Gietl" <a.gietl () e-admin de>
Date: Wed, 13 Aug 2003 13:47:58 +0200

Stefan Esser <s.esser () e-matters de> wrote:

Hello,

well you describe nothing more than the documented functionality
of the dlopen() call.


Yes of course. But this advisory should sharpen admins-mind to the threats the
dl()-function confronts us with. Administrators migth think that these newly
loaded modules are "contained" or otherwise protected.

You can also have a lot of fun with loading
linux kernel modules if your admin allows users to load kernel moduels.
And stealing SSL private key from apache memory is not really a
challenge... You only need to search for some signature in memory 
and "steal" the next few byte behind it.

Stefan Esser





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

PHP dlopen() -> Fun with apache (and other andrewg (Aug 13)
- Re: PHP dlopen() -> Fun with apache (and other Stefan Esser (Aug 13)
  - Re: PHP dlopen() -> Fun with apache (and other andrewg (Aug 13)
  - Re: PHP dlopen() -> Fun with apache (and other Andreas Gietl (Aug 13)