[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GOBBLES and errata 005

To: misc@openbsd.org
Subject: Re: GOBBLES and errata 005
From: HBurde@t-online.de (Holger Burde)
Date: Mon, 24 Jun 2002 20:04:19 +0100
Organization: warpnet
References: <20020624133608.59640.qmail@web14808.mail.yahoo.com> <20020624175206.A8899@outpost.zedz.net>

hi;

i would rather code something myself (some lines of python,perl etc.) before digging in the 
shit ( .. some scanner crap (RetinaApacheChunked.exe) running on M$hit - oops).

PS sorry but coudn't resist ..

hb
 
On Mon, 24 Jun 2002 17:52:06 +0200
Alex de Joode <usura@zedz.net> wrote:

> On Mon, Jun 24, 2002 at 06:36:07AM -0700, T. Kinch wrote:
> > I have not seen anyone else mention this so I thought
> > I would. I am not a C programmer but if you look at
> > the source of the exploit (available
> > athttp://packetstorm.linuxsecurity.com/0206-exploits/apache-scalp.c)
> > you will see that it is sending a bogus Host: http
> > header. If your Apache server uses virtual servers
> > (requires a correct host header) the exploit as
> > written will not work on you. This obviously does not
> > mean you are not vulnerable.
> > 
> 
> http://www.eeye.com/html/Research/Tools/apachechunked.html
> 
> Has a nice utility to check if a host runs an exploitable
> version of Apache. 
> 
> (now we only need a scanner for exploitable openssh versions :()
> 
> -- 
> Alex de Joode
> usura@zedz.net			

[demime 0.98d removed an attachment of type application/pgp-signature]

References:
- GOBBLES and errata 005
  - From: "T. Kinch" <tdotkinch@yahoo.com>
- Re: GOBBLES and errata 005
  - From: Alex de Joode <usura@zedz.net>

Prev by Date: Firewall log analysis what we should look for ?
Next by Date: Upcoming OpenSSH vulnerability
Prev by thread: Re: GOBBLES and errata 005
Next by thread: Re: GOBBLES and errata 005
Index(es):
- Date
- Thread