Re: GOBBLES and errata 005
Marc Matteo wrote:
> There seems to be some confusion on the OpenBSD Apache patch and the
> GOBBLES/Apache chunked madness.
>
> Does patch 005 work? Some say it does, some say it doesn't. (Of course
> I'd expect a *lot* of gloating from GOBBLES if the patch was
> ineffective)
>
> I don't have suitable systems to test against, so I'm asking. Does
> anyone know for sure?
Hello!
Marc, I work for a security company; our R&D successfully exploited the vulnerability against Apache 1.3.19 and 1.3.22 on OpenBSD 3.0 and 3.1 systems. Yes, the exploit works, but not using the default offsets given by GOBBLES.
And the errata fix works perfectly on these systems; stay calm if you already upgraded your server.