Re: [SLUG] Quick Apache question

From: Derek Glidden (dglidden@illusionary.com)
Date: Tue Jun 25 2002 - 12:14:07 EDT


On Tue, 2002-06-25 at 12:02, John Oakes wrote:
>
> That would be my guess too. One thing to note is that many people's default
> configuration won't log anything for this. There is already an exploit
> circulating that gives root on BSD operating systems, and the authors claim
> to have one for Linux that they will release soon. I just glanced at the
> BSD one and it looks like it uses the Apache vulnerability to get a shell
> and then a memcpy vulnerability to actually obtain root. I don't think the
> memcpy problem exists on Linux, but I would still be very worried if I
> hadn't already upgraded. It also still has the ability to kill the thread,
> so I wouldn't be surprised if it killed his Apache. One thing to note too
> is that if you upgrade with apt-get, make sure you restart Apache manually,
> because it isn't done for you. There is a scanner here to check if you are
> vulnerable; however, it has to be run on Windows (or maybe it will work with
> Wine). http://www.eeye.com

A *lot* of people are saying that Linux is not vulnerable, at least to
the existing GOBBLES exploit, because Linux/glibc implements the
memcpy() in a way that makes it immune to that particular exploit. The
worst to be expected is Denial-of-Service as some Script Kiddie hax0r
kills off all your Apache processes. The reason the *BSD exploit works
is because of a very bizarre (to me) way the BSD implementation of
memcpy() handles negative offsets.

So far GOBBLES have only released a *BSD exploit, but they claim to also
have an exploit for Linux and Solaris machines.

In any case, an Apache upgrade is the absolutely recommended solution.

More details about the bug can be found on the Apache homepage at
http://httpd.apache.org/

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl -w
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
$t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
print+x"C*",@a}';s/x/pack+/g;eval 

usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \
    | extract_mpeg2 | mpeg2dec -

http://www.cs.cmu.edu/~dst/DeCSS/Gallery/ http://www.eff.org/ http://www.anti-dmca.org/
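
Added example, not part of either poster's message: the quoted advice to restart Apache by hand after an apt-get upgrade can be checked on Linux, because a process still running a binary that was replaced on disk shows " (deleted)" in its /proc/PID/exe link. The function names and the process name passed on the command line (for instance apache) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: find processes that still execute a binary which has since
# been replaced on disk (for instance by a package upgrade) and therefore
# keep running the old, unpatched code until they are restarted.
# Assumes a Linux /proc filesystem.

# stale_exe PID
#   exit 0: the executable the process runs was replaced or removed
#   exit 1: the process runs the file currently on disk
#   exit 2: /proc/PID/exe cannot be read (no such PID or no permission)
stale_exe() {
    link=$(readlink "/proc/$1/exe" 2>/dev/null) || return 2
    case "$link" in
        *" (deleted)") return 0 ;;  # kernel marks an unlinked executable
        *) return 1 ;;
    esac
}

# list_stale NAME
#   print the PID of every process whose command name is NAME and whose
#   executable is stale. /proc/PID/comm holds at most 15 characters.
list_stale() {
    for d in /proc/[0-9]*; do
        pid=${d#/proc/}
        [ "$(cat "$d/comm" 2>/dev/null)" = "$1" ] || continue
        if stale_exe "$pid"; then
            echo "$pid"
        fi
    done
}

# When a process name is given, report the PIDs that need a restart.
# Run as root to be able to read other users' /proc/PID/exe links.
if [ -n "${1:-}" ]; then
    list_stale "$1"
fi
```

Any PID printed after the upgrade belongs to a server process that was started before the new binary was installed.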



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 13:01:39 EDT