You're right - this also confused me. I guess they are bluffing... So I tried it against different systems and it didn't work. I tested it against
- Debian 2.2 with apache 1.3.24
- Mandrake 7.2 with apache 1.3.20
- SuSE 8.0 with apache 1.3.23
.... We've run this code against a few GNU/Linux servers running Apache versions prior to the fix...
In all cases it caused Apache children processes to seg fault.
In no cases was any exploit code executed, or parent processes killed.
Read the comments again, this exploit only claims to work on OpenBSD:

 * Remote OpenBSD/Apache exploit for the "chunking" vulnerability. Kudos to
 * the OpenBSD developers (Theo, DugSong, jnathan, *@#!w00w00, ...) and
 * their crappy memcpy implementation that makes this 32-bit impossibility
 * very easy to accomplish. This vulnerability was recently rediscovered by a slew
 * of researchers.

Apparently this also relies on kernel problems, so you'd need the right shellcode for a Linux exploit.

--Jeremy