RE: [suse-security] Gobbles Apache Exploit
-----Original Message----- From: Patrik Breitenmoser [mailto:pbreitenmoser@festland.ch] Sent: Wednesday, July 03, 2002 10:03 AM To: suse-security@suse.com Subject: [suse-security] Gobbles Apache Exploit
Hi,
I was just wondering if my patched apache on suse 7.3 is save against
There seems to be a presumption that we are safe until proven otherwise, despite indications to the contrary. That worries me. In case you missed it, you should read this: http://online.securityfocus.com/archive/1/278446/2002-06-23/2002-06-29/0 (Possibly exploited on linux / intel in April). Keep in mind also that gobbles claims to have exploited linux. -----Original Message----- From: Roman Dorr [mailto:rdo@tro.net] Sent: Wednesday, July 03, 2002 4:20 AM To: suse-security@suse.com Subject: RE: [suse-security] Gobbles Apache Exploit Hi, afaik the exploit is targeted vs. *BSD Systems. Running it against our Apache's "only" resulted in higher load and error logs filling up. This potential DoS was still possible even with the latest Apache version though, so I wouldn't expect any update helping here. with kind regards, Roman Doerr that
exploit.
regards Patrik
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
I am subscribed to BugTraq and certainly didn't miss any of those mails. Especially thanks to Gobbles refreshing writing style. :) All I said was, that the exploit released by Gobbles was targeted at BSD. That's what they actually wrote in all their mails and the files coming with the exploit, too. And it was the exploit in question. That the DoS issue isn't resolved with the patch alone already makes it "proven otherwise" in my eyes. It's obviously not safe enough, even if it should patch the more serious consequences. So, if my mail below left the impression that I considered Apache to be safe, that was certainly not my intention. Also, please note that I did _not_ use the SuSE Apache, but an install from source. So of course it's possible, that SuSE resolved the DoS problem as well, while they were at it. If someone tried running the exploit against a SuSE patched version, he could probably shed some light on it. Running three of those exploit "clients" against a somewhat low powered Testsystem (some old Pentium) resulted in a load of 2, while leaving the client at like 0.02. Considering the fact that a worm is underway infecting thousands of servers right now (I'm not really optimistic in regards to people applying patches...) that can be used to start DDoS attacks, you can do the math. with kind regards, Roman Doerr
-----Original Message----- From: Alan Rouse [mailto:ARouse@n2bb.com] Sent: Wednesday, July 03, 2002 6:26 PM To: suse-security@suse.com Subject: RE: [suse-security] Gobbles Apache Exploit
There seems to be a presumption that we are safe until proven otherwise, despite indications to the contrary. That worries me.
In case you missed it, you should read this:
http://online.securityfocus.com/archive/1/278446/2002-06-23/2002-06-29/0
(Possibly exploited on linux / intel in April). Keep in mind also that gobbles claims to have exploited linux.
-----Original Message----- From: Roman Dorr [mailto:rdo@tro.net] Sent: Wednesday, July 03, 2002 4:20 AM To: suse-security@suse.com Subject: RE: [suse-security] Gobbles Apache Exploit
Hi,
afaik the exploit is targeted vs. *BSD Systems. Running it against our Apache's "only" resulted in higher load and error logs filling up.
This potential DoS was still possible even with the latest Apache version though, so I wouldn't expect any update helping here.
with kind regards,
Roman Doerr
-----Original Message----- From: Patrik Breitenmoser [mailto:pbreitenmoser@festland.ch] Sent: Wednesday, July 03, 2002 10:03 AM To: suse-security@suse.com Subject: [suse-security] Gobbles Apache Exploit
Hi,
I was just wondering if my patched apache on suse 7.3 is save against that exploit.
regards Patrik
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (2)
-
Alan Rouse -
Roman Dorr