Product: mod_perl
Versions: 1.99_09 / apache 2.0.47
URL: http://perl.apache.org
Impact: Daemon Hijacking
Bug class: Leaked Descriptor
Vendor notified: Yes
Fix available: No
Date: 01/21/04
Issue:
======
Mod_perl under apache 2.0.x leaks critical file descriptors that can be used to takeover (hijack) the http and https services.
This is not a leak - mod_perl is a module that is compiled into Apache, and hence has access to all its resources (including memory). If you want to run untrusted Perl, then don't use mod_perl.
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
