Linux-Bulgaria.ORG

навигация

начало

пощенски списък

архив на групата

По Дата

Re: lug-bg: apache remote vulnerability

Subject: Re: lug-bg: apache remote vulnerability
From: danchev@xxxxxxxxx (George Danchev)
Date: Thu, 20 Jun 2002 20:09:10 +0300

On Thursday 20 June 2002 17:41, Georgi Chorbadzhiyski wrote:
> za subject-ta ima veche ot 2 dni pachove. ot barziat mi pregled iz
> .bg prostanstvoto mnogo malko hora sa si napravili truda si
> upgratnat serverchetata. ne se motaite shtoto v nai-skoro vreme
> shte pochne da stava interesno.
> za da testvate dali ste vulnerable opitaite tova
>
> telnet server 80
>
> POST /hello-admin.html HTTP/1.1
> Host: georgi.top.bg
> Transfer-Encoding: chunked
>
> 80000001
> boza
> 0
>
>
> ako vi dropne konekciata hubavo e da se pogrizhite da si pusnete
> apt-get update, up2date ili kvoto tam si puskate.
> ako vi dade 400 bad request, spete spokoino.

àìè àç ïà÷íàõ debian source package-a îò testing è unsable (apache 1.3.24) ñ 
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch ñ ëåêè 
ìîäèôèêàöèè è ñå apply-íà ÷èñòî óæ, èíà÷å òðåáå äà downgrade äî apache 1.3.9 
îò stable ùîòî DSA ñå ãðèæàò ñàìî çà stable. Òà ïðåäè äà ïà÷íà 1.3.24 ñ òîçè 
òåñò íàïðàâî ìè çàòâàðåøå êîíåêöèÿòà, à ñëåä êàòî ãî ïà÷íàõ ïëþå Bad Request, 
íî ïàê close-âà connection-a:

HTTP/1.1 400 Bad Request
Date: Thu, 20 Jun 2002 17:00:07 GMT
Server: Apache/1.3.24 (Unix) Debian GNU/Linux mod_python/2.7.6 Python/2.1.3 
PHP/4.1.2
mod_fastcgi/2.2.12 mod_auth_pgsql/0.9.12 mod_throttle/3.1.2 mod_ssl/2.8.7 
OpenSSL/0.9.6c mod_perl/1.26 DAV/1.0.3
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.

Invalid URI in request  POST /index.html HTTP/1.1

<HR>
<ADDRESS>Apache/1.3.24 Server at localhost Port 80</ADDRESS>
</BODY></HTML>
Connection closed by foreign host.

Òîâà safe ëè å ? èëè ïàê óìèðà child-à è parent-à ìîæå äà íàïðàâè íåêâè 
äèâîòèè ñ ðåñóðñèòå ?
-- 
Greets,
fr33zb1
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================

Във връзка с:
- Re: lug-bg: apache remote vulnerability
  - Изпратено от: mano@xxxxxxxxxxxxx (Marian Popov)
- Re: lug-bg: apache remote vulnerability
  - Изпратено от: gf@xxxxxxxxxxx (Georgi Chorbadzhiyski)
- Re: lug-bg: apache remote vulnerability
  - Изпратено от: mano@xxxxxxxxxxxxx (Marian Popov)

Относно:
- lug-bg: apache remote vulnerability
  - Изпратено от: gf@xxxxxxxxxxx (Georgi Chorbadzhiyski)

Предишно по дата: Re: lug-bg: Slackware 8.1 is released!
Следващо по дата: Re: lug-bg: apache remote vulnerability
Предишно по тема: lug-bg: apache remote vulnerability
Следващо по тема: Re: lug-bg: apache remote vulnerability
Индекс:
- По дата
- По тема

наши приятели

линукс за българи
http://linux-bg.org

FSA-BG
http://fsa-bg.org

OpenFest
http://openfest.org

FreeBSD BG
http://bg-freebsd.org

KDE-BG
http://kde.fsa-bg.org/

Gnome-BG
http://gnome.cult.bg/

проект OpenFMI
http://openfmi.net

NetField Forum
http://netField.ludost.net/forum/

Linux-Bulgaria.ORG