hi guys! not so long ago a bug for the apache webserver was released. so i want to know more about the bug and the securityholes, cos i had to adminstrate some boxes here at home all up most time. can someone give me the exploit code? i'm to stupid to search cos i hadn't found some code yet. or some information about the risk with using an non-updated apache webserver. still post all u want to. thx guys. so long ... _________________________________________________________________ Downloaden Sie MSN Explorer kostenlos unter http://explorer.msn.de/intl.asp.
http://packetstorm.decepticons.org/filedesc/apachefun.tar.html http://packetstorm.decepticons.org/filedesc/apache-scalp.c.html Regards, "Quem nunca pirateou que atire o 1º disco, que eu atiro uma cópia" =================== Sp0oKeR - NsC Analista Linux / Security spooker@bol.com.br ==================== ----- Original Message ----- From: thilo mohri <c0re@hotmail.com> To: <suse-security@suse.com> Sent: Thursday, June 20, 2002 10:57 AM Subject: [suse-security] Apache Exploit Code
Quer ter seu próprio endereço na Internet? Garanta já o seu e ainda ganhe cinco e-mails personalizados. DomíniosBOL - http://dominios.bol.com.br
hi guys!
not so long ago a bug for the apache webserver was released. so i want to know more about the bug and the securityholes, cos i had to adminstrate some boxes here at home all up most time. can someone give me the exploit code? i'm to stupid to search cos i hadn't found some code yet. or some information about the risk with using an non-updated apache webserver. still post all u want to. thx guys.
so long ...
_________________________________________________________________ Downloaden Sie MSN Explorer kostenlos unter http://explorer.msn.de/intl.asp.
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
On Thu, Jun 20, 2002 at 01:57:32PM +0000, thilo mohri wrote:
hi guys!
not so long ago a bug for the apache webserver was released. so i want to know more about the bug and the securityholes, cos i had to adminstrate some boxes here at home all up most time. can someone give me the exploit code? i'm to stupid to search cos i hadn't found some code yet. or some information about the risk with using an non-updated apache webserver. still post all u want to. thx guys.
Why would you need exploit code? Just download the patch and apply. It is even in YaST Online Update now. It appears from the content of your post and your l33t h4ck3r name at hotmail.com that you are a lazy script kiddie. If that is not the case, please stop making stupid requests. Regards, Keith -- LPIC-2, MCSE, N+ Right behind you, I see the millions Got spam? Get spastic http://spastic.sourceforge.net
Keith Winston schrieb:
Why would you need exploit code? Just download the patch and apply. It is even in YaST Online Update now.
sorry for my bad english! it's not realy so. the first message say's there is a bug in apache an suse put the updatet package (1.3.19) on the server. after this moment a new info means all apache's inclusive apache 1.3.25 where exploitable. the info in german: http://www.heise.de/newsticker/data/pab-20.06.02-000/ i think the suse packages are exploitable, because version 1.3.19, and the exploit can help us to find out this.
Bernie Seidenspinner wrote:
it's not realy so. the first message say's there is a bug in apache an suse put the updatet package (1.3.19) on the server. after this moment a new info means all apache's inclusive apache 1.3.25 where exploitable.
Until now, the exploit is only avaiable for openbsd. Till a 'linux' release it will take some time. For 'Admins' who run Sites which are important/HA/whatever the rpm should not be a real problem cause they should use own compiled servers ;) All other ppl: will take some time till you'll get a 'target' for such attacks. Maybe, it's a 'quick patch' to put a Proxy infront who can filter out the Chunked request header (don't slap me if i'm wrong, just an idea ;)
i think the suse packages are exploitable, because version 1.3.19, and the exploit can help us to find out this.
the released exploit for openbsd doesn't work against SuSE (7.3 here) out of the box (with the defined targets), so it's not useable for scriptkiddies (needs a little of brain ;) So, calm down, drink coffe and let the suse-security team do a good job (i'm sure they will.) Greetings, Sven Michels
On Thu, Jun 20, 2002 at 04:35:35PM +0200, Sven 'Darkman' Michels wrote:
the released exploit for openbsd doesn't work against SuSE (7.3 here) out of the box (with the defined targets), so it's not useable for scriptkiddies (needs a little of brain ;)
So, calm down, drink coffe and let the suse-security team do a good job (i'm sure they will.)
OK, I was a little hasty in my reply. I don't really know most people on this list so I should have stayed quiet. The whole post just smelled like script kiddie to me, which doesn't bother me. However, a *lazy* script kiddie does bother me. Best Regards, Keith -- LPIC-2, MCSE, N+ Right behind you, I see the millions Got spam? Get spastic http://spastic.sourceforge.net
On Thu, Jun 20, 2002 at 04:26:04PM +0200, Bernie Seidenspinner wrote:
it's not realy so. the first message say's there is a bug in apache an suse put the updatet package (1.3.19) on the server. after this moment a new info means all apache's inclusive apache 1.3.25 where exploitable.
the info in german: http://www.heise.de/newsticker/data/pab-20.06.02-000/
i think the suse packages are exploitable, because version 1.3.19, and the exploit can help us to find out this.
SuSE has (probably) patched the 1.3.19-sources. Wkr, Sven Vermeulen
[Keith Winston]
Why would you need exploit code? Just download the patch and apply.
An exploit code could be used to check 1) if the bug existed prior to the patch and 2) if the patch corrects the problem. Saying "blindly apply the patch" is probably sufficient for many of us, me included. But in the spirit of free source code, people might want to study and check themselves. That's only healthy in my opinion. Of course, villains might want the exploit code for other reasons :-)
It appears from the content of your post and your l33t h4ck3r name at hotmail.com that you are a lazy script kiddie.
Highly suspicious indeed! -- François Pinard http://www.iro.umontreal.ca/~pinard
participants (7)
-
Bernie Seidenspinner -
Keith Winston -
pinard@iro.umontreal.ca -
Sp0oKeR -
Sven 'Darkman' Michels -
Sven Vermeulen -
thilo mohri