Re: [SLUG] Quick Apache question

• Next message: patrick grantham: "[SLUG] splash messages to another user using vnc"
• Previous message: Derek Glidden: "Re: [SLUG] Quick Apache question"
• In reply to: Derek Glidden: "Re: [SLUG] Quick Apache question"
• Next in thread: Ken Billings: "Re: [SLUG] Quick Apache question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> A *lot* of people are saying that Linux is not vulnerable, at least to
> the existing GOBBLES exploit, because Linux/glibc implements the
> memcpy() in a way that makes it immune to that particular exploit. The
> worst to be expected is Denial-of-Service as some Script Kiddie hax0r
> kills off all your Apache processes. The reason the *BSD exploit works
> is because of a very bizarre (to me) way the BSD implementation of
> memcpy() handles negative offsets.

The exploit that claims to work on Linux is apache-massacre.c, but who knows
if it really exists. The problem is now any vulnerability that is found
that allows an unprivelaged user to elevate their privelages could be used
in conjuction with this Apache problem to remotely gain root. It is only a
matter of time. Lets hope most people upgrade so we don't have to hear
about this for the next 6 months.

John

>
> So far GOBBLES have only released a *BSD exploit, but they claim to also
> have an exploit for Linux and Solaris machines.
>
> In any case, Apache upgrade is the absolutely recommended solution.
>
> More details about the bug can be found on the Apache homepage at
> http://httpd.apache.org/
>
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> #!/usr/bin/perl -w
> $_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
> {$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
> $t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
> [$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
> "",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
> unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
> >>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
> 8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
> print+x"C*",@a}';s/x/pack+/g;eval
>
> usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \
> | extract_mpeg2 | mpeg2dec -
>
> http://www.cs.cmu.edu/~dst/DeCSS/Gallery/
> http://www.eff.org/ http://www.anti-dmca.org/

• Next message: patrick grantham: "[SLUG] splash messages to another user using vnc"
• Previous message: Derek Glidden: "Re: [SLUG] Quick Apache question"
• In reply to: Derek Glidden: "Re: [SLUG] Quick Apache question"
• Next in thread: Ken Billings: "Re: [SLUG] Quick Apache question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 13:01:45 EDT