
Apache holed, fixed
That Apache DoS 'sploit looks to be an actual remote compromise (OpenBSD must be pissed, five years' claim down the drain).

Apache.org had patches out yesterday, most of the vendors got 'em out last night. Those of you who roll your own, start smokin' them compilers.
--
Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com]
[link|http://kmself.home.netcom.com/|http://kmself.home.netcom.com/]
What part of "gestalt" don't you understand?

   Keep software free.     Oppose the CBDTPA.     Kill S.2048 dead.
[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/...a_alert.html]
Reference on remote compromise?
I thought that it was only a remote compromise on Windows, and there is an unproven outside chance of the same on 64-bit platforms? (Then again I haven't been following this closely.)

Cheers,
Ben
"... I couldn't see how anyone could be educated by this self-propagating system in which people pass exams, teach others to pass exams, but nobody knows anything."
--Richard Feynman
Your recall is very good...
I am on about a ka-jillion Security alerting mailing lists...

I seem to recall the same things about it _being_ when Apache is on Windows and being *POSSIBLE* on 64-bit architectures...

Would that mean... if you cluster two 32-bit machines ... does that count???

greg, curley95@attbi.com -- REMEMBER ED CURRY!!!
Not the way I remember it
The story that I remember is that on *nix the exploit had you trying to access an address over 2 GB. On 32-bit platforms that is an illegal thing to do, core dump you bad boy. On 64-bit platforms that is legal, but unless you are using 64-bit pointers and your Apache kid is addressing more than 2 GB, that will be an illegal address again. In that minuscule remaining case, execute something, which (unless someone can come up with something I didn't hear about) you have no control over, which therefore is likely to segfault almost immediately anyways.

Cheers,
Ben
"... I couldn't see how anyone could be educated by this self-propagating system in which people pass exams, teach others to pass exams, but nobody knows anything."
--Richard Feynman
Gobbles Gobbles
[link|http://online.securityfocus.com/news/493|Gobbles] claims remote 'sploit on OpenBSD.
--
Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com]
[link|http://kmself.home.netcom.com/|http://kmself.home.netcom.com/]
What part of "gestalt" don't you understand?

   Keep software free.     Oppose the CBDTPA.     Kill S.2048 dead.
[link|http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html|http://www.eff.org/...a_alert.html]
Ouch
I had obviously *not* been following closely enough.

Cheers,
Ben
"... I couldn't see how anyone could be educated by this self-propagating system in which people pass exams, teach others to pass exams, but nobody knows anything."
--Richard Feynman