[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GOBBLES and errata 005
Thats funny I was running 1.3.19 on 3.0 and it didn't do a damn thing to
my box. I tried it every way possible. Again I might have had something
compiled or configured diffrently where it wouldn't work against my box.
On Sat, 22 Jun 2002, Augusto Cesar Radtke wrote:
> Marc Matteo wrote:
> > There seems to be some confusion on the OpenBSD Apache patch and the
> > GOBBLES/Apache chunked madness.
> > Does patch 005 work? Some say it does, some say it doesn't. (Of course
> > I'd expect a *lot* of gloating from GOBBLES if the patch was
> > ineffective)
> > I don't have suitable systems to test against, so I'm asking. Does
> > anyone know for sure?
> Marc, I work for a security company, our R&D successfuly exploited the vulnerability against Apache 1.3.19, 1.3.22 on OpenBSD 3.0 and 3.1 systems. Yes, the exploit works but not using the default offsets given by GOBBLES.
> And the errata fix works perfectly on these systems, stay calm if you already upgraded your server.