Re: Apache Exploit

From: Alex Balayan (balayanat_private)
Date: Sun Jun 23 2002 - 05:04:45 PDT

    I get the same error on OpenBSD 3.1 with Apache/1.3.24 (Unix) mod_ssl/2.8.8 
    OpenSSL/0.9.6b
    
    ./Alex
    >On Fri, 21 Jun 2002 23:57:41 -0400 (EDT)
    >David Bernick <bernzat_private> wrote:
    >
    > > > In one case (the RH box), it looked like a TCP lockup condition. The
    > > > thing just stopped responding to outside stimuli, and right after that,
    > > > inputs via the local keyboard stopped as well. I haven't had time to dig
    > > > into it further.
    > >
    > > I've tested the Gobbles 'sploit against the following machines/platforms:
    > > 1. RH Linux 6.1 w Apache 1.2.x PIII 512MB
    > > 2. RH Linux 7.2 w Apache 1.3.24 PIII 512MB
    > > 3. RH Linux 7.2 w/Tux Webserver PII 128MB
    > > 4. RH Linux 7.2 w Apache 1.3.26 DualPIII 1GB
    > > 5. RH Linux 6.1 w Apache 1.3.14 on an Alpha processor 512MB
    > >
    > > After 1 full day of running the gobbles code in Brute Force mode, I've
    > > found that the Tux server wouldn't even accept the Chunked encoding so
    > > that seems to pose no threat.
    > > On servers 1, 2 and 5, I have yet to spawn a rootshell, but a single client
    > > takes up considerable resources on the target machine.
    >
    >You think that's a Linux shellcode you're using?!
    >
    >-- toad
    



    This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 08:51:43 PDT