On Wed, Jun 01, 2005 at 09:32:26AM -0700, Randall R Schulz wrote:
Philipp,
On Wednesday 01 June 2005 09:23, Philipp Snizek wrote:
Hi
got this in my access log of an apache:
213.47.46.45 - - [18/May/2005:17:17:06 +0200] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1
Heh, good ol Hex.
It's an attempt to exploit a buffer overflow vulnerability. If your Apache is up-to-date, you're immune to the attack.
Not true. If it's a 0-day updated Apache won't save you.
Dr Google doesn't know anything bout it.
Any ideas what sort of attack this is?
I'm going to agree with Randal here though that it appears to be an buffer overflow. I just woke up though so I'm not going to sit and do all this in my head to see what it's attempting.
Thanks Philipp
Randall Schulz
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here