Re: slapper countermeasures

2002-09-17 Thread KevinL 

On Wed, 2002-09-18 at 06:05, Michael Renzmann wrote:
 killall .bugtraq would be suitable as well, and it would destroy 
 every other instance of the program that is running currently. Even if 
 detecting the current PPID does not work for whatever reason.

*chuckle*

Solaris is vulnerable to this bug?  Solaris killall kills _everything_
- not just the named process.

'course, given they're theoretically not running the webserver as root,
this shouldn't be a huge issue...  But it's not as social as you might
think.

KJL
(Who knows this from bitter experience...)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: slapper countermeasures

2002-09-17 Thread KevinL 
On Wed, 2002-09-18 at 06:05, Michael Renzmann wrote:
 killall .bugtraq would be suitable as well, and it would destroy 
 every other instance of the program that is running currently. Even if 
 detecting the current PPID does not work for whatever reason.

*chuckle*

Solaris is vulnerable to this bug?  Solaris killall kills _everything_
- not just the named process.

'course, given they're theoretically not running the webserver as root,
this shouldn't be a huge issue...  But it's not as social as you might
think.

KJL
(Who knows this from bitter experience...)

Re: Apache chunk handling vulnerability and Apache 1.3.24-3

2002-06-23 Thread KevinL 
Can someone clarify for me, please (not directly debian related, I know,
but...) - the patches appear to only be to the chunk-encoding functions
in mod_proxy.  If mod_proxy isn't loaded, is apache still vulnerable?

KJL

On Thu, 2002-06-20 at 20:30, Paul Hosking wrote:
 On Wed, 2002-06-19 at 06:57, René Seindal wrote:
 
  If you use 32 bit machines you are 'only' vulnerable to a DoS attack,
  not a real compromise of your servers.
 
 Apache version 1.3.24 is vulnerable.  The later version 1.3.26 is a
 security fix to this issue and it would seem it shall be available for
 download shortly[1].
 
 It would be worth noting that there has been later evidence to show a
 remote root exploit using this vulnerability[2] as demonstrated with an
 actual exploit against OpenBSD.  The source code[3] to the exploit
 includes comments that claim successful testing against Linux 2.4, among
 others.
 
 
 [1]
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=150284repeatmerged=yes
 
 [2] http://online.securityfocus.com/bid/5033/info/
 
 [3]
 http://downloads.securityfocus.com/vulnerabilities/exploits/apache-scalp.c
  
 -- 
 
 .: Paul Hosking . [EMAIL PROTECTED]
 .: InfoSec
 
 .: PGP KeyID: 0x42F93AE9
 .: 7B86 4F79 E496 2775 7945  FA81 8D94 196D 42F9 3AE9
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]