[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GOBBLES and errata 005

To: Augusto Cesar Radtke <radtke@illuminion.com>
Subject: Re: GOBBLES and errata 005
From: "Brian K. West" <obsd@pridemania.com>
Date: Sat, 22 Jun 2002 22:51:07 -0500 (CDT)
Cc: Marc Matteo <marcm@lectroid.net>, <misc@openbsd.org>

Thats funny I was running 1.3.19 on 3.0 and it didn't do a damn thing to
my box.  I tried it every way possible.  Again I might have had something
compiled or configured diffrently where it wouldn't work against my box.

bkw


On Sat, 22 Jun 2002, Augusto Cesar Radtke wrote:

> Marc Matteo wrote:
>
> > There seems to be some confusion on the OpenBSD Apache patch and the
> > GOBBLES/Apache chunked madness.
> >
> > Does patch 005 work?  Some say it does, some say it doesn't.  (Of course
> > I'd expect a *lot* of gloating from GOBBLES if the patch was
> > ineffective)
> >
> > I don't have suitable systems to test against, so I'm asking.  Does
> > anyone know for sure?
>
> Hello!
>
> Marc, I work for a security company, our R&D successfuly exploited the vulnerability against Apache 1.3.19, 1.3.22 on OpenBSD 3.0 and 3.1 systems. Yes, the exploit works but not using the default offsets given by GOBBLES.
>
> And the errata fix works perfectly on these systems, stay calm if you already upgraded your server.

References:
- Re: GOBBLES and errata 005
  - From: Augusto Cesar Radtke <radtke@illuminion.com>

Prev by Date: Re: GOBBLES and errata 005
Next by Date: Re: Scrolley.
Prev by thread: Re: GOBBLES and errata 005
Next by thread: Re: GOBBLES and errata 005
Index(es):
- Date
- Thread