Mailinglist Archive: opensuse-security (499 mails)

Re: [suse-security] SuSE Apache patch sufficient?
  • From: Jeremy Buchmann <jeremy@xxxxxxxxxxxxxxx>
  • Date: Thu, 20 Jun 2002 09:03:07 -0700
  • Message-id: <35BB514C-8467-11D6-B5AA-000502E740BA@xxxxxxxxxxxxxxx>

you're right - this also confused me. I guess they are bluffing...
So I tried it against different systems and it didn't work. I tested it
- Debian 2.2 with apache 1.3.24
- Mandrake 7.2 with apache 1.3.20
- SuSE 8.0 with apache 1.3.23

We've run this code against a few GNU/Linux servers running Apache
versions prior to the fix...

In all cases it caused Apache child processes to seg fault.

In no cases was any exploit code executed, or parent processes killed.

Read the comments again, this exploit only claims to work on OpenBSD:

* Remote OpenBSD/Apache exploit for the "chunking" vulnerability. Kudos to
* the OpenBSD developers (Theo, DugSong, jnathan, *@#!w00w00, ...) and
* their crappy memcpy implementation that makes this 32-bit impossibility
* very easy to accomplish. This vulnerability was recently rediscovered by a slew
* of researchers.

Apparently this also relies on kernel problems, so you'd need the right shellcode
for a Linux exploit.

