Date:      Thu, 20 Jun 2002 03:03:47 -0700 (PDT)
From:      Muhammad Faisal Rauf Danka <mfrd@attitudex.com>
To:        freebsd-security@freebsd.org
Subject:   Apache vulnerability for 32 bit *nix and 64 bit *nix (solaris/SPARC)
Message-ID:  <20020620100347.BA9563ECC@sitemail.everyone.net>

GOBBLES Security released Remote Apache 1.3.x Exploit, at
http://online.securityfocus.com/attachment/2002-06-20/apache-scalp.c

As it's mentioned in the exploit that:
< * The "experts" have already concurred that this bug...
 *      -       Can not be exploited on 32-bit *nix variants
 *      -       Is only exploitable on win32 platforms
 *      -       Is only exploitable on certain 64-bit systems
 *
 * However, contrary to what ISS would have you believe, we have
 * successfully exploited this hole on the following operating systems:
 *
 *      Sun Solaris 6-8 (sparc/x86)
 *      FreeBSD 4.3-4.5 (x86)
 *      OpenBSD 2.6-3.1 (x86)
 *      Linux (GNU) 2.4 (x86)
 *
 * Don't get discouraged too quickly in your own research. It took us close
 * to two months to be able to exploit each of the above operating systems.
 * There is a peculiarity to be found for each operating system that makes the
 * exploitation possible.
 >

So I think x86 Apache admins shouldn't be like "[ aah it's only for win32 
and 64 bit *nixes, ]"

and I again repeat that even 64 bit *nixes include SPARC Solaris which 
is found in abundance. 

I think it's about time Sun people should also take notice 
of it.

Sites like sunfreeware.com and alike should put updated Apache packages. 

Else bad time for Solaris SPARC/Apache admins.

Regards, 
---------
Muhammad Faisal Rauf Danka

Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk

Vice President
Pakistan Computer Emergency Response Team (PakCERT)
web: www.pakcert.org

Chief Security Analyst
Applied Technology Research Center (ATRC)
web: www.atrc.net.pk
