[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FW: Remote Apache 1.3.x Exploit

To: misc@openbsd.org
Subject: FW: Remote Apache 1.3.x Exploit
From: auto343553@hushmail.com
Date: Thu, 20 Jun 2002 01:58:12 -0700

Can anyone enlighten me as to whether this exploit will effect OpenBSD 3.1
assuming the httpd has been patched from cvs.

After patching should the version number change or stay the same?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is for immediate release.  This may not be sent to any "advanced warning system", such as ARIS.  This was written for the community, and not just a few companies with deep pockets full of the big dollar.

Attached is a remote Apache 1.3.X exploit for the "chunking" vulnerability.  This version of the exploit works only on OpenBSD.  "Experts" have argued as to why this is not exploitable on x86/*nix.  This version of the exploit has been modified to convince these "experts" that they are wrong.  Further, it is very ./friendly and all scriptkids/penetration testers should be able to run it without any trouble.

My God have mercy on our souls.

- -GOBBLES Security

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wlwEARECABwFAj0Q3g8VHGdvYmJsZXNAaHVzaG1haWwuY29tAAoJEBzRp5chmbAP7R0A
nRyuMq0D8z0T6bg++HH27mGXyPqlAJ9l6Qv8h/5+2pvnn6nJ+sUUZdeebw==
=5v5m
-----END PGP SIGNATURE-----



Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople

Follow-Ups:
- Re: FW: Remote Apache 1.3.x Exploit
  - From: Jedi/Sector One <j@pureftpd.org>
- Re: FW: Remote Apache 1.3.x Exploit
  - From: Marc Matteo <marcm@lectroid.net>

Prev by Date: Re: Apache httpd vulnerability - how fix OpenBSD 2.9
Next by Date: Re: Gateway Problems
Prev by thread: Re: cryptocard RB 1 token problem
Next by thread: Re: FW: Remote Apache 1.3.x Exploit
Index(es):
- Date
- Thread