Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
Remote Apache 1.3.x Exploit (forw)
  • From: Joerg Mayer <jmayer@xxxxxxxxx>
  • Date: Thu, 20 Jun 2002 12:29:56 +0200
  • Message-id: <20020620122956.D14410@xxxxxxxxxxxxxxxxxxxxxxxxx>
The Suse security annoucement for apache claims that no remote code
execution on Unix is possible, here is someone who claims the contrary.

Ciao
Jörg

----- Forwarded message from gobbles@xxxxxxxxxxxx -----

Mailing-List: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Precedence: bulk
Delivered-To: mailing list bugtraq@xxxxxxxxxxxxxxxxx
Delivered-To: moderator for bugtraq@xxxxxxxxxxxxxxxxx
From: gobbles@xxxxxxxxxxxx
To: vulndev@xxxxxxxxxxx, submissions@xxxxxxxxxxxxxxxxxxxxxxx,
bugs@xxxxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx,
vuln-dev@xxxxxxxxxxxxxxxxx
Subject: Remote Apache 1.3.x Exploit
Date: Wed, 19 Jun 2002 12:45:24 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is for immediate release. This may not be sent to any "advanced warning system", such as ARIS. This was written for the community, and not just a few companies with deep pockets full of the big dollar.

Attached is a remote Apache 1.3.X exploit for the "chunking" vulnerability. This version of the exploit works only on OpenBSD. "Experts" have argued as to why this is not exploitable on x86/*nix. This version of the exploit has been modified to convince these "experts" that they are wrong. Further, it is very ./friendly and all scriptkids/penetration testers should be able to run it without any trouble.

My God have mercy on our souls.

- -GOBBLES Security

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlwEARECABwFAj0Q3g8VHGdvYmJsZXNAaHVzaG1haWwuY29tAAoJEBzRp5chmbAP7R0A
nRyuMq0D8z0T6bg++HH27mGXyPqlAJ9l6Qv8h/5+2pvnn6nJ+sUUZdeebw==
=5v5m
-----END PGP SIGNATURE-----


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wj8DBQA9EN2kHNGnlyGZsA8RAszJAKC6gM7Rnf8p3fWtYKSDBgks2LiZGACgnexEYyKi
W7a/WWEjaPADqrUNZDs=
=wgQL
-----END PGP SIGNATURE-----


----- End forwarded message -----

--
Joerg Mayer <jmayer@xxxxxxxxx>
I found out that "pro" means "instead of" (as in proconsul). Now I know
what proactive means.


< Previous Next >
This Thread
  • No further messages