FW: Remote Apache 1.3.x Exploit

Rehor Petr petr.rehor at i.cz
Thu Jun 20 13:31:53 CEST 2002


Mozna, ze vsichni nectete freebsd-security tak pro jistotu.

Na Segmentation fault skoncil muj apache-1.3.20 na FreeBSD 4.5-RELEASE
i apache-1.3.23+russian-30.11+mod_ssl-2.8.7 na FreeBSD 4.6-PRERELEASE
(ackoliv ve freebsd-security probehlo ze rusky apache nachylny neni).

Petr Rehor
ICZ a.s.
Pobocka Ceske Budejovice
J. S. Baara 40, 370 01 Ceske Budejovice, CZ
Tel: +420 (38) 731 28 08
Fax: +420 (38) 731 14 80
mailto:petr.rehor at i.cz
http://www.i.cz


> -----Original Message-----
> From: Muhammad Faisal Rauf Danka [mailto:mfrd at attitudex.com]
> Sent: Thursday, June 20, 2002 11:50 AM
> To: isp-tech at isp-tech.com; isp-security at isp-security.com; 
> isp-linux at isp-linux.com
> Cc: freebsd-security at FreeBSD.ORG; security-discuss at linuxsecurity.com
> Subject: 
> 
> 
> GOBBLES Security released Remote Apache 1.3.x Exploit, at 
> http://online.securityfocus.com/attachment/2002-06-20/apache-scalp.c
> 
> As it's mentioned in the exploit that:
> < * The "experts" have already concurred that this bug...
>  *      -       Can not be exploited on 32-bit *nix variants
>  *      -       Is only exploitable on win32 platforms
>  *      -       Is only exploitable on certain 64-bit systems
>  *
>  * However, contrary to what ISS would have you believe, we have
>  * successfully exploited this hole on the following 
> operating systems:
>  *
>  *      Sun Solaris 6-8 (sparc/x86)
>  *      FreeBSD 4.3-4.5 (x86)
>  *      OpenBSD 2.6-3.1 (x86)
>  *      Linux (GNU) 2.4 (x86)
>  *
>  * Don't get discouraged too quickly in your own research. It 
> took us close
>  * to two months to be able to exploit each of the above 
> operating systems.
>  * There is a peculiarity to be found for each operating 
> system that makes the
>  * exploitation possible.
>  >
> 
> So i think x86 apache admins shouldn't be like "[ aah its 
> only for win32 and 64 bit *nixes, ]"
> 
> and I again repeat that even 64 bit *nixes include SPARC
> Solaris which is found in abundance. 
> 
> I think its about time Sun people should take notice of it.
> 
> Sites like sunfreeware.com and alike should put updated 
> apache packages. else bad time for solaris sparc apache admins.
> 
> Regards, 
> ---------
> Muhammad Faisal Rauf Danka
> 
> Chief Technology Officer
> Gem Internet Services (Pvt) Ltd.
> web: www.gem.net.pk
> 
> Vice President
> Pakistan Computer Emergency Responce Team (PakCERT)
> web: www.pakcert.org
> 
> Chief Security Analyst
> Applied Technology Research Center (ATRC)
> web: www.atrc.net.pk
> 
> _____________________________________________________________
> ---------------------------
> [ATTITUDEX.COM]
> http://www.attitudex.com/
> ---------------------------
> 
> _____________________________________________________________
> Promote your group and strengthen ties to your members with 
> email at yourgroup.org by Everyone.net
http://www.everyone.net/?btn=tag
> 
> To Unsubscribe: send mail to majordomo at FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



More information about the Users-l mailing list