Date: Tue, 24 Apr 2001 08:42:41 -0600
From: Jumpin Joe <djstrobelite@starband.net>
To: freebsd-security@FreeBSD.ORG
Subject: other services vulnerable to globbing exploit?
Message-ID: <3AE590D4.66E038DA@starband.net>
Greetings:

I have followed with interest the recent exchanges about the ftpd globbing vulnerability. Below is a line from the logs of a certain site I host. The output looks very similar to the output I've seen shared here about how the vulnerability is exploited. Could this be an (attempt) to exploit the same vulnerability through httpd? And as always, can this even be considered an attack?

My Apache and BIND are up to date, and requests like this come through at a variable rate, have not crashed the service, but do seem to be increasing load and eating up bandwidth.

Thanks in advance for your consideration.

Joe

-------------------------------- log output --------------------------------------------------

216.72.28.15 - - [24/Apr/2001:08:22:34 -0600] "GET /cgi-bin/somecompany/some_script.pl/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/' /'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/some.gif' HTTP/1.0" 200 20165 "http://www.somecompany.com/cgi-bin/omecompany/some_script.pl/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/ '/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/'/ '/'/'/'/'/'/'/'/'/another.gif'" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
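An added example, not part of the post or the list thread: a small Python scanner that pulls requests of the shape Joe reports (long runs of `/'` or glob-only path segments) out of an Apache access log and tallies them per source address. The log lines, addresses, script name and thresholds are all constructed for this example, and the path is rebuilt from everything between the method and the protocol so that a line re-wrapped with a space, as the archived one above is, still parses.

```python
import re
from collections import Counter

# Apache common-log prefix; the combined-format referer and user-agent fields,
# when present, are left unparsed after the size field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# A path segment made only of quote and shell-glob characters, e.g. "'" or "*".
GLOB_ONLY = re.compile(r"^['\"*?\[\]{}~]+$")

# Constructed sample lines (not taken from the post). The first two mimic the
# shape of the request reported on the list, shortened; the rest are ordinary.
QUOTE_RUN = "/'" * 30   # thirty "/'" segments
STAR_RUN = "/*" * 25    # twenty-five "/*" segments
SAMPLE_LOG = "\n".join([
    f"192.0.2.10 - - [24/Apr/2001:08:22:34 -0600] \"GET /cgi-bin/example/script.pl{QUOTE_RUN}/some.gif' HTTP/1.0\" 200 20165 \"-\" \"Mozilla/4.0\"",
    f"192.0.2.10 - - [24/Apr/2001:08:22:35 -0600] \"GET /cgi-bin/example/script.pl{STAR_RUN}/other.gif HTTP/1.0\" 200 20165 \"-\" \"Mozilla/4.0\"",
    "198.51.100.7 - - [24/Apr/2001:08:23:01 -0600] \"GET /index.html HTTP/1.0\" 200 1024 \"-\" \"Mozilla/4.0\"",
    "198.51.100.7 - - [24/Apr/2001:08:23:02 -0600] \"GET /images/logo.gif HTTP/1.0\" 304 - \"-\" \"Mozilla/4.0\"",
])


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    parts = m.group("request").split(" ")
    if len(parts) < 3:
        return None
    # Everything between the method and the protocol is the path, so a path
    # containing spaces (or one re-wrapped by a mail archive) still parses.
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "method": parts[0],
        "path": " ".join(parts[1:-1]),
        "status": int(m.group("status")),
    }


def glob_segments(path):
    """Count path segments consisting only of glob/quote characters."""
    return sum(1 for seg in path.split("/") if GLOB_ONLY.match(seg))


def scan(log_text, min_glob_segments=10, min_path_len=512):
    """Return parsed records whose request path looks like a glob/quote flood.

    The thresholds are arbitrary choices for this example, not values from the post.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        n = glob_segments(rec["path"])
        if n >= min_glob_segments or len(rec["path"]) >= min_path_len:
            rec["glob_segments"] = n
            rec["path_len"] = len(rec["path"])
            findings.append(rec)
    return findings


def top_sources(findings):
    """Count flagged requests per source address, so repeat offenders stand out."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ip"]} {h["ts"]} status={h["status"]} '
              f'glob_segments={h["glob_segments"]} path_len={h["path_len"]}')
    print("per source:", dict(top_sources(hits)))
```

The scanner only flags the shape of the request and counts how often each address sends it; it says nothing about whether the target script does anything with the extra path components. In the archived line the request was answered with status 200 and a 20165-byte body, so the per-source count is the useful number for deciding whether a given sender is worth blocking for the load it causes.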