Re: lug-bg: apache remote vulnerability
- Subject: Re: lug-bg: apache remote vulnerability
- From: borj@xxxxxxxxx (Boris Jordanov)
- Date: Fri, 21 Jun 2002 10:38:53 +0300
On Fri, 21 Jun 2002 15:11:02 +0800
"yasho " <yasho@xxxxxxxxxxxxx> wrote:
> I'm dumb and I don't understand - why doesn't someone explain to me what my
> problem is when the client exits with SEGFAULT and I close the connection? Huh? Or
> maybe you are using 64-bit Unixes or Winboze or Netware? --
The problem is that it does not affect _only_ 64bit Unices or Windows, despite the claims
of ISS, as far as GOBBLES can be believed (the header from their exploit
for OpenBSD follows)
/*
* exploit.c
* OPENBSD/X86 APACHE REMOTE EXPLOIT!!!!!!!
*
* ROBUST, RELIABLE, USER-FRIENDLY MOTHERFUCKING 0DAY WAREZ!
*
* BLING! BLING! --- BRUTE FORCE CAPABILITIES --- BLING! BLING!
*
* ". . . and Doug Sniff said it was a hole in Epic."
*
* ---
* Disarm you with a smile
* And leave you like they left me here
* To wither in denial
* The bitterness of one who's left alone
* ---
*
* Remote OpenBSD/Apache exploit for the "chunking" vulnerability. Kudos to
* the OpenBSD developers (Theo, DugSong, jnathan, *@#!w00w00, ...) and
* their crappy memcpy implementation that makes this 32-bit impossibility
* very easy to accomplish. This vulnerability was recently rediscovered by a slew
* of researchers.
*
* The "experts" have already concurred that this bug...
* - Can not be exploited on 32-bit *nix variants
* - Is only exploitable on win32 platforms
* - Is only exploitable on certain 64-bit systems
*
* However, contrary to what ISS would have you believe, we have
* successfully exploited this hole on the following operating systems:
*
* Sun Solaris 6-8 (sparc/x86)
* FreeBSD 4.3-4.5 (x86)
* OpenBSD 2.6-3.1 (x86)
* Linux (GNU) 2.4 (x86)
*
It is sensible to be prepared and to expect the worst; if it doesn't happen, no harm
done.
Take care
Boris Jordanov (borj) <borj@xxxxxxxxx>
ICQ 10751645
PGP-key-fingerprint:------------------------------
CB23 8B52 5FBC F36A 1B61 F1ED 2831 E52D AAFF 7B08
--------------------------------------------------
Public-key:---------------------------------------
http://borj.freeshell.org/borj.asc
--------------------------------------------------
To err is human...
to really foul up requires the root password.
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================