Re: lug-bg: apache remote vulnerability
Razgledai koda i shte razberesh shtom si polu4il taia situacia zna4i apaha ti e vunerable - az si igrah suma vreme s exploita za moia slack - niamam rezultata kato pri OpenBSD no ako imam vreme shte se opitam da go pa4na da raboti i za linux , kakto i da e shtom si polu4il tova syobshtenie - upgrade - vai. - Original Message - From: Marian Popov [EMAIL PROTECTED] Date: Sun, 23 Jun 2002 00:43:15 +0300 To: [EMAIL PROTECTED] Subject: Re: lug-bg: apache remote vulnerability Niakoi vijdal li e toia exploit kak raboti. Az naprimer go pusnah i eto kakvo stana [*] Connecting.. connected! [*] Currently using retaddr 0x8f2a6, length 29896, localport 48052 Ooops.. hehehe! Nishto ne razbrah :) mano A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html -- Get your free email from www.linuxmail.org Powered by Outblaze
RE: lug-bg: apache remote vulnerability
Oppa izdynka sorry :) Oshte ne sym se sybudil ;) na4i Oops hehe - ne e tova koeto ti kazva 4e si uspial da si hriasnesh server - ako ne si na openBSD - polzvai kliu4a 0x8f000 - tova e opciata za bruteforce attaka - ina4e drugite sa za standartnite OpenBSD versii -- Get your free email from www.linuxmail.org Powered by Outblaze A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
Apache-AdvancedExtranetServer/1.3.23 (Mandrake Linux/4mdk) Niama takiva problemi. Ima samo staria byg, deto se otvaria port 8200/tcp, koito e lesno reshim! On Thursday 20 June 2002 17:41, you wrote: za subject-ta ima veche ot 2 dni pachove. ot barziat mi pregled iz .bg prostanstvoto mnogo malko hora sa si napravili truda si upgratnat serverchetata. ne se motaite shtoto v nai-skoro vreme shte pochne da stava interesno. za da testvate dali ste vulnerable opitaite tova telnet server 80 POST /hello-admin.html HTTP/1.1 Host: georgi.top.bg Transfer-Encoding: chunked 8001 boza 0 ako vi dropne konekciata hubavo e da se pogrizhite da si pusnete apt-get update, up2date ili kvoto tam si puskate. ako vi dade 400 bad request, spete spokoino. A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
RedHat updates sa nalichni na updates.redhat.com, upgrade narode, predi da sa ni vlezli v kushtichkite :) Moite suboleznovania kum kolegite s mnogo Apaches. Take care Boris Jordanov (borj) [EMAIL PROTECTED] ICQ 10751645 PGP-key-fingerprint:-- CB23 8B52 5FBC F36A 1B61 F1ED 2831 E52D AAFF 7B08 -- Public-key:--- http://borj.freeshell.org/borj.asc -- To err is human... to really foul up requires the root password. msg11387/pgp0.pgp Description: PGP signature
Re: lug-bg: apache remote vulnerability
Az sym typ i ne razbiram - shto nqkoi ne zeme da mi obiasni kakyv mi e problema kato izlezne klienta sys SEGFAULT i zatvoria connection-a ? a? Ili moje bi vie polzvat 64-bit Unixi ili Winboze ili Netware ? -- Get your free email from www.linuxmail.org Powered by Outblaze A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
debian update-a za apache e v http://incoming.debian.org samo che neshto e down ... moje i da e pretovaren namerih tuk v edin ot mirrorite: http://ftp.se.debian.org/debian/pool/main/a/apache/ Nikolay Hristov A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
Ne znam kv ostava no patchnah src i prekompilirah apache. [Fri Jun 21 02:08:31 2002] [notice] child pid 26292 exit signal Segmentation fault (11) Pak syshtata rabota. versiata m ie 1.3.24 Tva imashe li go i v 1.3.26 ili ne ta ako neshto da smenia versiata shtom patcha ne work-va mano àìè àêî âñå îùå äúðæèø íà òâîÿ àïàõ, åòî òîçè ïà÷ (îò openbsd, ëåêî ìîäèôèöèðàí) ñå apply-âà êúì ñîðñà íà 1.3.24, è âñè÷êî å ÎÊ. http://elemag.virtualave.net/files/apache-1.3.24.patch èëè äà ñè êîìïèëèðàø îò upstream sources 1.3.26 èëè 2.0.39. èëè ìîæåø äà âçåìåø package-à íà àïàõà îò slack 8.1.01 èëè îò debian stable, apache è apache-ssl 1.3.9-14.1 (òîâà å ÿñíî îò 19 June) èëè îò debian unstable apache è apache-ssl 1.3.26-1 (îò íîùåñêà ;-) è ò.í. è ò.í., âå÷å âñè÷êî å ÿñíî ... íÿìà êàêâî äà ãî ìèñëèø òîëêî ;-) P.S. îîïñ, ñâúðøèõà ðåêëàìèòå, ïî÷íà ñå ;-) -- Greets, fr33zb1 A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
Íà ïò, 2002-06-21 â 07:11, yasho çàïèñà: Az sym typ i ne razbiram - shto nqkoi ne zeme da mi obiasni kakyv mi e problema kato izlezne klienta sys SEGFAULT i zatvoria connection-a ? a? Ili moje bi vie polzvat 64-bit Unixi ili Winboze ili Netware ? -- Umstvenite ti sposobnosti nema da gi commentirame, no neka samo ti kaja che i 32bit platformite sa xploitable, i predi dva dena publichno izleze xploit za OpenBSD/Apache, v source na koito pisheshe che ALL platformi sa vulnerable i tova e samo Proof-of-Concept. BRGDS Stefan Myankov A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
On Fri, 21 Jun 2002 15:11:02 +0800 yasho [EMAIL PROTECTED] wrote: Az sym typ i ne razbiram - shto nqkoi ne zeme da mi obiasni kakyv mi e problema kato izlezne klienta sys SEGFAULT i zatvoria connection-a ? a? Ili moje bi vie polzvat 64-bit Unixi ili Winboze ili Netware ?-- Problema e, che ne zasjaga _samo_ 64bit Unices ili Windows, vupreki tvurdeniata na ISS, dokolkoto moze da se vjarva na GOBBLES (sledva header ot tehnia exploit za OpenBSD) /* * exploit.c * OPENBSD/X86 APACHE REMOTE EXPLOIT!!! * * ROBUST, RELIABLE, USER-FRIENDLY MOTHERFUCKING 0DAY WAREZ! * * BLING! BLING! --- BRUTE FORCE CAPABILITIES --- BLING! BLING! * * . . . and Doug Sniff said it was a hole in Epic. * * --- * Disarm you with a smile * And leave you like they left me here * To wither in denial * The bitterness of one who's left alone * --- * * Remote OpenBSD/Apache exploit for the chunking vulnerability. Kudos to * the OpenBSD developers (Theo, DugSong, jnathan, *@#!w00w00, ...) and * their crappy memcpy implementation that makes this 32-bit impossibility * very easy to accomplish. This vulnerability was recently rediscovered by a slew * of researchers. * * The experts have already concurred that this bug... * - Can not be exploited on 32-bit *nix variants * - Is only exploitable on win32 platforms * - Is only exploitable on certain 64-bit systems * * However, contrary to what ISS would have you believe, we have * successfully exploited this hole on the following operating systems: * * Sun Solaris 6-8 (sparc/x86) * FreeBSD 4.3-4.5 (x86) * OpenBSD 2.6-3.1 (x86) * Linux (GNU) 2.4 (x86) * Razumno e da si podgotven i da ochakvash naj-loshoto, ako ne se sluchi - zdrave da e. Take care Boris Jordanov (borj) [EMAIL PROTECTED] ICQ 10751645 PGP-key-fingerprint:-- CB23 8B52 5FBC F36A 1B61 F1ED 2831 E52D AAFF 7B08 -- Public-key:--- http://borj.freeshell.org/borj.asc -- To err is human... to really foul up requires the root password. msg11394/pgp0.pgp Description: PGP signature
Re: lug-bg: apache remote vulnerability
Problema ne e _samo_ v 64-bitovite OS. Ot http://httpd.apache.org ** citat * UPDATE:* (supersedes security bulletin 20020617) This follow-up to our earlier advisory is to warn of known-exploitable conditions related to this vulnerability on both 64-bit platforms and 32-bit platforms alike. Though we previously reported that 32-bit platforms were not remotely exploitable, it has since been proven by Gobbles that certain conditions allowing exploitation do exist. Successful exploitation of this vulnerability can lead to the execution of arbitrary code on the server with the permissions of the web server child process. This can facilitate the further exploitation of vulnerabilities unrelated to Apache on the local system, potentially allowing the intruder root access. Note that early patches for this issue released by ISS and others do not address its full scope. Due to the existence of exploits circulating in the wild for some platforms, the risk is considered high. The Apache Software Foundation has released versions 1.3.26 and 2.0.39 that address and fix this issue, and all users are urged to upgrade immediately. These versions are available for download; see below. Full Advisory - http://httpd.apache.org/info/security_bulletin_20020620.txt /citat Eto i citat ot advisory-to: citat At the least, this could help a remote attacker launch a denial of service attack as the parent process will eventually have to replace the terminated child process, and starting new children uses non-trivial amounts of resources. /citat T.e. problema ne e samo v exploita... yasho wrote: Az sym typ i ne razbiram - shto nqkoi ne zeme da mi obiasni kakyv mi e problema kato izlezne klienta sys SEGFAULT i zatvoria connection-a ? a? Ili moje bi vie polzvat 64-bit Unixi ili Winboze ili Netware ? -- Peter Kirkov A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
ne bydi prekaleno siguren che samo windows i 64bit unix sa exploitable Attached is a remote Apache 1.3.X exploit for the chunking vulnerability. This version of the exploit works only on OpenBSD. Experts have argued as to why this is not exploitable on x86/*nix. This version of the exploit has been modified to convince these experts that they are wrong. Further, it is very ./friendly and all scriptkids/penetration testers should be able to run it without any trouble. My God have mercy on our souls. - -GOBBLES Security On Fri, 2002-06-21 at 10:11, yasho wrote: Az sym typ i ne razbiram - shto nqkoi ne zeme da mi obiasni kakyv mi e problema kato izlezne klienta sys SEGFAULT i zatvoria connection-a ? a? Ili moje bi vie polzvat 64-bit Unixi ili Winboze ili Netware ? -- Get your free email from www.linuxmail.org -- -=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=- Regards,AngelFire Stanislav Lechev[EMAIL PROTECTED] PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc Vega Internet Service Provider (tm) -- http://www.vega.bg -=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=- signature.asc Description: This is a digitally signed message part
Re: lug-bg: apache remote vulnerability
Az mislia che sym ready . Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. POST /hello-admin.html HTTP/1.1 Host: home.mano.ca Transfer-Encoding: chunked 8001 HTTP/1.1 400 Bad Request Date: Fri, 21 Jun 2002 09:02:49 GMT Server: Apache/1.3.26 (Unix) PHP/4.2.1 Connection: close Content-Type: text/html; charset=iso-8859-1 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN HTMLHEAD TITLE400 Bad Request/TITLE /HEADBODY H1Bad Request/H1 Your browser sent a request that this server could not understand.P HR ADDRESSApache/1.3.26 Server at wireless.pazardjik.com Port 80/ADDRESS /BODY/HTML Connection closed by foreign host. Taka li triabvashe da stane ? mano A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
Dobre de az go iztestvah moia apah s tva 4udo deto beshe publikuvano tuk - edinstvenoto koeto stana e 4e childa mi izleze sys SEGFAULT i zatvori connection-a vyprosa mi e deistvitelno prost i ne se zaiajdam - kyde e security hole-a ili kak tam da go nareka c situaciata ? Ne sym prevyrjenik da updatevam server samo zaradi update-a . Tova e. - Original Message - From: Stefan Myankov [EMAIL PROTECTED] Date: 21 Jun 2002 11:22:56 + To: [EMAIL PROTECTED] Subject: Re: lug-bg: apache remote vulnerability Íà ïò, 2002-06-21 â 07:11, yasho çàïèñà: Az sym typ i ne razbiram - shto nqkoi ne zeme da mi obiasni kakyv mi e problema kato izlezne klienta sys SEGFAULT i zatvoria connection-a ? a? Ili moje bi vie polzvat 64-bit Unixi ili Winboze ili Netware ? -- Umstvenite ti sposobnosti nema da gi commentirame, no neka samo ti kaja che i 32bit platformite sa xploitable, i predi dva dena publichno izleze xploit za OpenBSD/Apache, v source na koito pisheshe che ALL platformi sa vulnerable i tova e samo Proof-of-Concept. BRGDS Stefan Myankov A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html -- Get your free email from www.linuxmail.org Powered by Outblaze A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
Az pone vchera razbrah, che ima publichen exploit za Openbsd (32bit )za apache. Spored comment-ite v source, ima takiva exploiti i za linux i t.n., vupreki che spored avtora bili ebasi koshmara da se napishat. Dneska veche v debian unstable ima apache-1.3.26, taka che veche edinstvenoto opravdanie za neupdate-nalite si e tehniq murzel. On Fri, 21 Jun 2002, yasho wrote: Az sym typ i ne razbiram - shto nqkoi ne zeme da mi obiasni kakyv mi e problema kato izlezne klienta sys SEGFAULT i zatvoria connection-a ? a? Ili moje bi vie polzvat 64-bit Unixi ili Winboze ili Netware ? -- Get your free email from www.linuxmail.org A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
RE: lug-bg: apache remote vulnerability
http://online.securityfocus.com/archive/1/277938/2002-06-18/2002-06-24/0 eto linka za threada- . br,nick -Original Message- From: Boyan Krosnov Sent: Thursday, June 20, 2002 10:50 PM To: [EMAIL PROTECTED] Subject: RE: lug-bg: apache remote vulnerability da. FLAMES zashto podqwolite horata ne chetat kakwo pishe w Advisory-to? /FLAMES BR, Boyan -Original Message- From: Marian Popov [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 20, 2002 9:38 PM To: [EMAIL PROTECTED] Subject: Re: lug-bg: apache remote vulnerability Transfer-Encoding: chunked 8001 Connection closed by foreign host. Tova oznachava li che triabva da upgrade ? A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
Íà ïò, 2002-06-21 â 09:09, yasho çàïèñà: Dobre de az go iztestvah moia apah s tva 4udo deto beshe publikuvano tuk - edinstvenoto koeto stana e 4e childa mi izleze sys SEGFAULT i zatvori connection-a vyprosa mi e deistvitelno prost i ne se zaiajdam - kyde e security hole-a ili kak tam da go nareka c situaciata ? Ne sym prevyrjenik da updatevam server samo zaradi update-a . Tova e. Znachi, exploita nqma da ti proraboti prosto zashtoto e pisan za OpenBSD i shellcodez i offset e praveno za OpenBSD. A ne si li se zamislql che shtom child-a ti exitva sys SEGFAULT znachi ima potencialna vyzmojnost tochno togava kogato exitva da se insert shellcode?:) Nikoi ne ti govori za update prosto za ideqta.. ne sluchaino thread-a e tolkova diskutiran. Ako sigurnostta za sistemata ti e vajna go napravi, ako ne ti se pravi ili ne ti puka feel free to forget about it. BRGDS Stefan Myankov A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
Eto go i moito HTTP/1.1 400 Bad Request Date: Thu, 20 Jun 2002 17:34:47 GMT Server: Apache/1.3.24 (Unix) PHP/4.1.2 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 173 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN HTMLHEAD TITLE400 Bad Request/TITLE /HEADBODY H1Bad Request/H1 Your browser sent a request that this server could not understand.P Request header field is missing colon separator.P PRE 8001/PRE P HR ADDRESSApache/1.3.24 Server at wireless.pazardjik.com Port 80/ADDRESS /BODY/HTML 0 Connection closed by foreign host. Taka li triabva da e ili ne ? àìè àç ïà÷íàõ debian source package-a îò testing è unsable (apache 1.3.24) ñ ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch ñ ëåêè ìîäèôèêàöèè è ñå apply-íà ÷èñòî óæ, èíà÷å òðåáå äà downgrade äî apache 1.3.9 îò stable ùîòî DSA ñå ãðèæàò ñàìî çà stable. Òà ïðåäè äà ïà÷íà 1.3.24 ñ òîçè òåñò íàïðàâî ìè çàòâàðåøå êîíåêöèÿòà, à ñëåä êàòî ãî ïà÷íàõ ïëþå Bad Request, íî ïàê close-âà connection-a: HTTP/1.1 400 Bad Request Date: Thu, 20 Jun 2002 17:00:07 GMT Server: Apache/1.3.24 (Unix) Debian GNU/Linux mod_python/2.7.6 Python/2.1.3 PHP/4.1.2 mod_fastcgi/2.2.12 mod_auth_pgsql/0.9.12 mod_throttle/3.1.2 mod_ssl/2.8.7 OpenSSL/0.9.6c mod_perl/1.26 DAV/1.0.3 Connection: close Content-Type: text/html; charset=iso-8859-1 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN HTMLHEAD TITLE400 Bad Request/TITLE /HEADBODY H1Bad Request/H1 Your browser sent a request that this server could not understand.P Invalid URI in request POST /index.html HTTP/1.1P HR ADDRESSApache/1.3.24 Server at localhost Port 80/ADDRESS /BODY/HTML Connection closed by foreign host. Òîâà safe ëè å ? èëè ïàê óìèðà child-à è parent-à ìîæå äà íàïðàâè íåêâè äèâîòèè ñ ðåñóðñèòå ? -- Greets, fr33zb1 A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
RE: lug-bg: apache remote vulnerability
Ne si postawil zadyljitelniq prazen red sled header chastta na query-to :) t.e. Sled Transfer-encoding:... reda BR, Boyan -Original Message- From: Marian Popov [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 20, 2002 8:39 PM To: [EMAIL PROTECTED] Subject: Re: lug-bg: apache remote vulnerability Eto go i moito HTTP/1.1 400 Bad Request Date: Thu, 20 Jun 2002 17:34:47 GMT Server: Apache/1.3.24 (Unix) PHP/4.1.2 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 173 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN HTMLHEAD TITLE400 Bad Request/TITLE /HEADBODY H1Bad Request/H1 Your browser sent a request that this server could not understand.P Request header field is missing colon separator.P PRE 8001/PRE P HR ADDRESSApache/1.3.24 Server at wireless.pazardjik.com Port 80/ADDRESS /BODY/HTML 0 Connection closed by foreign host. Taka li triabva da e ili ne ? àìè àç ïà÷íàõ debian source package-a îò testing è unsable (apache 1.3.24) ñ ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch ñ ëåêè ìîäèôèêàöèè è ñå apply-íà ÷èñòî óæ, èíà÷å òðåáå äà downgrade äî apache 1.3.9 îò stable ùîòî DSA ñå ãðèæàò ñàìî çà stable. Òà ïðåäè äà ïà÷íà 1.3.24 ñ òîçè òåñò íàïðàâî ìè çàòâàðåøå êîíåêöèÿòà, à ñëåä êàòî ãî ïà÷íàõ ïëþå Bad Request, íî ïàê close-âà connection-a: HTTP/1.1 400 Bad Request Date: Thu, 20 Jun 2002 17:00:07 GMT Server: Apache/1.3.24 (Unix) Debian GNU/Linux mod_python/2.7.6 Python/2.1.3 PHP/4.1.2 mod_fastcgi/2.2.12 mod_auth_pgsql/0.9.12 mod_throttle/3.1.2 mod_ssl/2.8.7 OpenSSL/0.9.6c mod_perl/1.26 DAV/1.0.3 Connection: close Content-Type: text/html; charset=iso-8859-1 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN HTMLHEAD TITLE400 Bad Request/TITLE /HEADBODY H1Bad Request/H1 Your browser sent a request that this server could not understand.P Invalid URI in request POST /index.html HTTP/1.1P HR ADDRESSApache/1.3.24 Server at localhost Port 80/ADDRESS /BODY/HTML Connection closed by foreign host. Òîâà safe ëè å ? èëè ïàê óìèðà child-à è parent-à ìîæå äà íàïðàâè íåêâè äèâîòèè ñ ðåñóðñèòå ? -- Greets, fr33zb1 == == A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html == == == == A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html == == A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
George Danchev wrote: On Thursday 20 June 2002 17:41, Georgi Chorbadzhiyski wrote: za subject-ta ima veche ot 2 dni pachove. ot barziat mi pregled iz .bg prostanstvoto mnogo malko hora sa si napravili truda si upgratnat serverchetata. ne se motaite shtoto v nai-skoro vreme shte pochne da stava interesno. za da testvate dali ste vulnerable opitaite tova telnet server 80 POST /hello-admin.html HTTP/1.1 Host: georgi.top.bg Transfer-Encoding: chunked 8001 boza 0 ako vi dropne konekciata hubavo e da se pogrizhite da si pusnete apt-get update, up2date ili kvoto tam si puskate. ako vi dade 400 bad request, spete spokoino. àìè àç ïà÷íàõ debian source package-a îò testing è unsable (apache 1.3.24) ñ ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch ñ ëåêè ìîäèôèêàöèè è ñå apply-íà ÷èñòî óæ, èíà÷å òðåáå äà downgrade äî apache 1.3.9 îò stable ùîòî DSA ñå ãðèæàò ñàìî çà stable. Òà ïðåäè äà ïà÷íà 1.3.24 ñ òîçè òåñò íàïðàâî ìè çàòâàðåøå êîíåêöèÿòà, à ñëåä êàòî ãî ïà÷íàõ ïëþå Bad Request, íî ïàê close-âà connection-a: HTTP/1.1 400 Bad Request Date: Thu, 20 Jun 2002 17:00:07 GMT Server: Apache/1.3.24 (Unix) Debian GNU/Linux mod_python/2.7.6 Python/2.1.3 PHP/4.1.2 mod_fastcgi/2.2.12 mod_auth_pgsql/0.9.12 mod_throttle/3.1.2 mod_ssl/2.8.7 OpenSSL/0.9.6c mod_perl/1.26 DAV/1.0.3 Connection: close Content-Type: text/html; charset=iso-8859-1 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN HTMLHEAD TITLE400 Bad Request/TITLE /HEADBODY H1Bad Request/H1 Your browser sent a request that this server could not understand.P Invalid URI in request POST /index.html HTTP/1.1P HR ADDRESSApache/1.3.24 Server at localhost Port 80/ADDRESS /BODY/HTML Connection closed by foreign host. Òîâà safe ëè å ? èëè ïàê óìèðà child-à è parent-à ìîæå äà íàïðàâè íåêâè äèâîòèè ñ ðåñóðñèòå ? Äîêîëêîòî ïðî÷åòîõ, ùîì òè ïîêàçâà ãðåøêàòà çíà÷è å íàðåä (òîåñò íå å óÿçâèìî), àêî ïðîñòî òè çàòâîðè êîíåêöèÿòà çíà÷è _íå å_ íàðåä :( Ïðåãëåäàé ñè error_log-îâåòå íà ñúðâúðà çà ñúîáùåíèÿ îò ñîðòà íà [Tue Jun 20 21:16:34 2002] [notice] Parent: child process exited with status 3221225477 -- Restarting. Àêî ñëåä îáíîâÿâàíåòî ïðîäúëæàâà äà èìà òàêèâà ñúîáùåíèÿ íå å íà õóáàâî :) -- Georgi Chorbadzhiyski http://georgi.top.bg/ A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
Transfer-Encoding: chunked 8001 Connection closed by foreign host. Tova oznachava li che triabva da upgrade ? - Original Message - From: George Danchev [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, June 20, 2002 8:09 PM Subject: Re: lug-bg: apache remote vulnerability On Thursday 20 June 2002 17:41, Georgi Chorbadzhiyski wrote: za subject-ta ima veche ot 2 dni pachove. ot barziat mi pregled iz .bg prostanstvoto mnogo malko hora sa si napravili truda si upgratnat serverchetata. ne se motaite shtoto v nai-skoro vreme shte pochne da stava interesno. za da testvate dali ste vulnerable opitaite tova telnet server 80 POST /hello-admin.html HTTP/1.1 Host: georgi.top.bg Transfer-Encoding: chunked 8001 boza 0 ako vi dropne konekciata hubavo e da se pogrizhite da si pusnete apt-get update, up2date ili kvoto tam si puskate. ako vi dade 400 bad request, spete spokoino. àìè àç ïà÷íàõ debian source package-a îò testing è unsable (apache 1.3.24) ñ ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch ñ ëåêè ìîäèôèêàöèè è ñå apply-íà ÷èñòî óæ, èíà÷å òðåáå äà downgrade äî apache 1.3.9 îò stable ùîòî DSA ñå ãðèæàò ñàìî çà stable. Òà ïðåäè äà ïà÷íà 1.3.24 ñ òîçè òåñò íàïðàâî ìè çàòâàðåøå êîíåêöèÿòà, à ñëåä êàòî ãî ïà÷íàõ ïëþå Bad Request, íî ïàê close-âà connection-a: HTTP/1.1 400 Bad Request Date: Thu, 20 Jun 2002 17:00:07 GMT Server: Apache/1.3.24 (Unix) Debian GNU/Linux mod_python/2.7.6 Python/2.1.3 PHP/4.1.2 mod_fastcgi/2.2.12 mod_auth_pgsql/0.9.12 mod_throttle/3.1.2 mod_ssl/2.8.7 OpenSSL/0.9.6c mod_perl/1.26 DAV/1.0.3 Connection: close Content-Type: text/html; charset=iso-8859-1 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN HTMLHEAD TITLE400 Bad Request/TITLE /HEADBODY H1Bad Request/H1 Your browser sent a request that this server could not understand.P Invalid URI in request POST /index.html HTTP/1.1P HR ADDRESSApache/1.3.24 Server at localhost Port 80/ADDRESS /BODY/HTML Connection closed by foreign host. Òîâà safe ëè å ? èëè ïàê óìèðà child-à è parent-à ìîæå äà íàïðàâè íåêâè äèâîòèè ñ ðåñóðñèòå ? -- Greets, fr33zb1 A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
RE: lug-bg: apache remote vulnerability
da. FLAMES zashto podqwolite horata ne chetat kakwo pishe w Advisory-to? /FLAMES BR, Boyan -Original Message- From: Marian Popov [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 20, 2002 9:38 PM To: [EMAIL PROTECTED] Subject: Re: lug-bg: apache remote vulnerability Transfer-Encoding: chunked 8001 Connection closed by foreign host. Tova oznachava li che triabva da upgrade ? A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
Marian Popov wrote: Eto go i moito HTTP/1.1 400 Bad Request Date: Thu, 20 Jun 2002 17:34:47 GMT Server: Apache/1.3.24 (Unix) PHP/4.1.2 Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 173 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN HTMLHEAD TITLE400 Bad Request/TITLE /HEADBODY H1Bad Request/H1 Your browser sent a request that this server could not understand.P Request header field is missing colon separator.P PRE 8001/PRE P HR ADDRESSApache/1.3.24 Server at wireless.pazardjik.com Port 80/ADDRESS /BODY/HTML 0 Connection closed by foreign host. Taka li triabva da e ili ne ? Hmm neznaia kak pravite copy+paste obache az wizhdam tova: gf@gf:~$ telnet www.pazardjik.com 80 Trying 212.116.152.20... Connected to www.pazardjik.com. Escape character is '^]'. POST /hello-admin.html HTTP/1.1 Host: georgi.top.bg Transfer-Encoding: chunked 8001 boza 0 Connection closed by foreign host. gf@gf:~$ -- Georgi Chorbadzhiyski http://georgi.top.bg/ A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
On Thursday 20 June 2002 21:37, Marian Popov wrote: Transfer-Encoding: chunked 8001 Connection closed by foreign host. Tova oznachava li che triabva da upgrade ? äà. äàâàé äîêàòî å âðåìå ;-) îñâåí òîâà äåòî êàçà ×îðáàäæèéñêè, ïðè òåñòà â ëîãà àêî âñè÷êî å ÎÊ ïîëó÷àâàø 127.0.0.1 - - [20/Jun/2002:22:07:50 +0300] POST /index.html HTTP/1.1 400 281 - - Áóèëäíàõ è åäíî 2.0.39 (upstream sources), ïðè òåñòà: --- Transfer-Encoding: chunked 8001 HTTP/1.1 413 Request Entity Too Large Date: Thu, 20 Jun 2002 19:13:06 GMT Server: Apache/2.0.39 (Unix) Vary: accept-language Accept-Ranges: bytes Content-Length: 762 Connection: close Content-Type: text/html; charset=ISO-8859-1 !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTML HEAD TITLERequest entity too large!/TITLE -- /HTML Connection closed by foreign host. íèùî ëîøî â ëîãà, âå÷å HTTP/1.1 413 Request Entity Too Large ìàé å ïî-èíòåëèãåíòåí îòãîâîð äà ñå êàæå íà àòàêåðà äà îäè ó ëåâî ... -- Greets, fr33zb1 A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: apache remote vulnerability
8001 Connection closed by foreign host. Tova oznachava li che triabva da upgrade ? äà. äàâàé äîêàòî å âðåìå ;-) îñâåí òîâà äåòî êàçà ×îðáàäæèéñêè, ïðè òåñòà â ëîãà àêî âñè÷êî å ÎÊ ïîëó÷àâàø 127.0.0.1 - - [20/Jun/2002:22:07:50 +0300] POST /index.html HTTP/1.1 400 281 - - Áóèëäíàõ è åäíî 2.0.39 (upstream sources), ïðè òåñòà: Ne znam kv ostava no patchnah src i prekompilirah apache. [Fri Jun 21 02:08:31 2002] [notice] child pid 26292 exit signal Segmentation fault (11) Pak syshtata rabota. versiata m ie 1.3.24 Tva imashe li go i v 1.3.26 ili ne ta ako neshto da smenia versiata shtom patcha ne work-va mano --- Transfer-Encoding: chunked 8001 HTTP/1.1 413 Request Entity Too Large Date: Thu, 20 Jun 2002 19:13:06 GMT Server: Apache/2.0.39 (Unix) Vary: accept-language Accept-Ranges: bytes Content-Length: 762 Connection: close Content-Type: text/html; charset=ISO-8859-1 !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTML HEAD TITLERequest entity too large!/TITLE -- /HTML Connection closed by foreign host. íèùî ëîøî â ëîãà, âå÷å HTTP/1.1 413 Request Entity Too Large ìàé å ïî-èíòåëèãåíòåí îòãîâîð äà ñå êàæå íà àòàêåðà äà îäè ó ëåâî ... -- Greets, fr33zb1 A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html