Re: lug-bg: apache remote vulnerability

2002-06-24 Thread yasho 

Razgledai koda i shte razberesh shtom si polu4il taia situacia zna4i apaha ti e 
vunerable - az si igrah suma vreme s exploita za moia slack - niamam rezultata kato 
pri OpenBSD no ako imam vreme shte se opitam da go pa4na da raboti i za linux , kakto 
i da e shtom si polu4il tova syobshtenie - upgrade - vai.
- Original Message -
From: Marian Popov [EMAIL PROTECTED]
Date: Sun, 23 Jun 2002 00:43:15 +0300
To: [EMAIL PROTECTED]
Subject: Re: lug-bg: apache remote vulnerability


 Niakoi vijdal li e toia exploit kak raboti.
 
 Az naprimer go pusnah i eto kakvo stana
 
 [*] Connecting.. connected!
 [*] Currently using retaddr 0x8f2a6, length 29896, localport 48052
 Ooops.. hehehe!
 
 
 Nishto ne razbrah :)
 
 
 mano
 
 
 A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
 http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
 To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
 
 

-- 
Get your free email from www.linuxmail.org 


Powered by Outblaze

RE: lug-bg: apache remote vulnerability

2002-06-24 Thread yasho 

Oppa izdynka sorry :)
Oshte ne sym se sybudil ;)
na4i Oops hehe - ne e tova koeto ti kazva 4e si uspial da si hriasnesh server - ako ne 
si na openBSD - polzvai kliu4a 0x8f000 - tova e opciata za bruteforce attaka - ina4e 
drugite sa za standartnite OpenBSD versii
-- 
Get your free email from www.linuxmail.org 


Powered by Outblaze

A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-21 Thread Vesselin Kolev 

Apache-AdvancedExtranetServer/1.3.23 (Mandrake Linux/4mdk) 

Niama takiva problemi. Ima samo staria byg, deto se otvaria port 8200/tcp,
koito e lesno reshim!

On Thursday 20 June 2002 17:41, you wrote:
 za subject-ta ima veche ot 2 dni pachove. ot barziat mi pregled iz
 .bg prostanstvoto mnogo malko hora sa si napravili truda si
 upgratnat serverchetata. ne se motaite shtoto v nai-skoro vreme
 shte pochne da stava interesno.
 za da testvate dali ste vulnerable opitaite tova

 telnet server 80

 POST /hello-admin.html HTTP/1.1
 Host: georgi.top.bg
 Transfer-Encoding: chunked

 8001
 boza
 0


 ako vi dropne konekciata hubavo e da se pogrizhite da si pusnete
 apt-get update, up2date ili kvoto tam si puskate.
 ako vi dade 400 bad request, spete spokoino.

A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-21 Thread Boris Jordanov 

RedHat updates sa nalichni na updates.redhat.com, upgrade narode, predi da sa ni
vlezli v kushtichkite :) Moite suboleznovania kum kolegite s mnogo Apaches.

Take care


Boris Jordanov (borj) [EMAIL PROTECTED]
ICQ 10751645

PGP-key-fingerprint:--
CB23 8B52 5FBC F36A 1B61  F1ED 2831 E52D AAFF 7B08
--
Public-key:---
http://borj.freeshell.org/borj.asc
--
To err is human...
to really foul up requires the root password.



msg11387/pgp0.pgp
Description: PGP signature

Re: lug-bg: apache remote vulnerability

2002-06-21 Thread yasho 

Az sym typ i ne razbiram - shto nqkoi ne zeme da mi obiasni kakyv mi e problema kato 
izlezne klienta sys SEGFAULT i zatvoria connection-a ? a?
Ili moje bi vie polzvat 64-bit Unixi ili Winboze ili Netware ?
-- 
Get your free email from www.linuxmail.org 


Powered by Outblaze

A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-21 Thread Nikolay Hristov 

debian update-a za apache e v http://incoming.debian.org samo che neshto e
down ... moje i da e pretovaren
namerih tuk v edin ot mirrorite:
http://ftp.se.debian.org/debian/pool/main/a/apache/

Nikolay Hristov


A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-21 Thread George Danchev 


 Ne znam kv ostava no patchnah src i prekompilirah apache.

 [Fri Jun 21 02:08:31 2002] [notice] child pid 26292 exit signal
 Segmentation fault (11)

 Pak syshtata rabota.

 versiata m ie 1.3.24
 Tva imashe li go i v 1.3.26 ili ne ta ako neshto da smenia versiata shtom
 patcha ne work-va

 mano

àìè àêî âñå îùå äúðæèø íà òâîÿ àïàõ, åòî òîçè ïà÷ (îò openbsd, ëåêî 
ìîäèôèöèðàí) ñå apply-âà  êúì ñîðñà íà 1.3.24, è âñè÷êî å ÎÊ. 
http://elemag.virtualave.net/files/apache-1.3.24.patch

èëè äà ñè êîìïèëèðàø îò upstream sources 1.3.26 èëè 2.0.39. 

èëè ìîæåø äà âçåìåø package-à íà àïàõà îò slack 8.1.01 

èëè îò debian stable, apache è apache-ssl 1.3.9-14.1 (òîâà å ÿñíî îò 19 June)
èëè îò debian unstable apache è  apache-ssl 1.3.26-1 (îò íîùåñêà ;-)

è ò.í. è ò.í., âå÷å âñè÷êî å ÿñíî ... íÿìà êàêâî äà ãî ìèñëèø òîëêî ;-)

P.S. îîïñ, ñâúðøèõà ðåêëàìèòå, ïî÷íà ñå ;-)
-- 
Greets,
fr33zb1

A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-21 Thread Stefan Myankov 

Íà ïò, 2002-06-21 â 07:11, yasho çàïèñà:
 Az sym typ i ne razbiram - shto nqkoi ne zeme da mi obiasni kakyv mi e problema kato 
izlezne klienta sys SEGFAULT i zatvoria connection-a ? a?
 Ili moje bi vie polzvat 64-bit Unixi ili Winboze ili Netware ?
 -- 
Umstvenite ti sposobnosti nema da gi commentirame, no neka samo ti kaja
che i 32bit platformite sa xploitable, i predi dva dena publichno izleze
xploit za OpenBSD/Apache, v source na koito pisheshe che ALL platformi
sa vulnerable i tova e samo Proof-of-Concept.
BRGDS
Stefan Myankov


A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-21 Thread Boris Jordanov 

On Fri, 21 Jun 2002 15:11:02 +0800
yasho  [EMAIL PROTECTED] wrote:

 Az sym typ i ne razbiram - shto nqkoi ne zeme da mi obiasni kakyv mi e
 problema kato izlezne klienta sys SEGFAULT i zatvoria connection-a ? a? Ili
 moje bi vie polzvat 64-bit Unixi ili Winboze ili Netware ?-- 

Problema e, che ne zasjaga _samo_ 64bit Unices ili Windows, vupreki tvurdeniata
na ISS, dokolkoto moze da se vjarva na GOBBLES (sledva header ot tehnia exploit
za OpenBSD)


/*
 * exploit.c
 * OPENBSD/X86 APACHE REMOTE EXPLOIT!!! 
 * 
 * ROBUST, RELIABLE, USER-FRIENDLY MOTHERFUCKING 0DAY WAREZ!
 *
 * BLING! BLING! --- BRUTE FORCE CAPABILITIES --- BLING! BLING!
 * 
 * . . . and Doug Sniff said it was a hole in Epic.
 *
 * ---
 * Disarm you with a smile
 * And leave you like they left me here
 * To wither in denial
 * The bitterness of one who's left alone
 * ---
 *
 * Remote OpenBSD/Apache exploit for the chunking vulnerability. Kudos to
 * the OpenBSD developers (Theo, DugSong, jnathan, *@#!w00w00, ...) and
 * their crappy memcpy implementation that makes this 32-bit impossibility
 * very easy to accomplish. This vulnerability was recently rediscovered by a
slew
 * of researchers.
 *
 * The experts have already concurred that this bug...
 *  -   Can not be exploited on 32-bit *nix variants
 *  -   Is only exploitable on win32 platforms
 *  -   Is only exploitable on certain 64-bit systems
 *
 * However, contrary to what ISS would have you believe, we have
 * successfully exploited this hole on the following operating systems:
 *
 *  Sun Solaris 6-8 (sparc/x86)
 *  FreeBSD 4.3-4.5 (x86)
 *  OpenBSD 2.6-3.1 (x86)
 *  Linux (GNU) 2.4 (x86)
 *

Razumno e da si podgotven i da ochakvash naj-loshoto, ako ne se sluchi - zdrave
da e.

Take care


Boris Jordanov (borj) [EMAIL PROTECTED]
ICQ 10751645

PGP-key-fingerprint:--
CB23 8B52 5FBC F36A 1B61  F1ED 2831 E52D AAFF 7B08
--
Public-key:---
http://borj.freeshell.org/borj.asc
--
To err is human...
to really foul up requires the root password.



msg11394/pgp0.pgp
Description: PGP signature

Re: lug-bg: apache remote vulnerability

2002-06-21 Thread Peter Kirkov 

Problema ne e _samo_ v 64-bitovite OS.

Ot http://httpd.apache.org **
citat *
UPDATE:* (supersedes security bulletin 20020617)

This follow-up to our earlier advisory is to warn of known-exploitable 
conditions related to this vulnerability on both 64-bit platforms and 
32-bit platforms alike. Though we previously reported that 32-bit 
platforms were not remotely exploitable, it has since been proven by 
Gobbles that certain conditions allowing exploitation do exist.

Successful exploitation of this vulnerability can lead to the execution 
of arbitrary code on the server with the permissions of the web server 
child process. This can facilitate the further exploitation of 
vulnerabilities unrelated to Apache on the local system, potentially 
allowing the intruder root access.

Note that early patches for this issue released by ISS and others do not 
address its full scope.

Due to the existence of exploits circulating in the wild for some 
platforms, the risk is considered high. The Apache Software Foundation 
has released versions 1.3.26 and 2.0.39 that address and fix this issue, 
and all users are urged to upgrade immediately. These versions are 
available for download; see below.


Full Advisory - http://httpd.apache.org/info/security_bulletin_20020620.txt
/citat

Eto i citat ot advisory-to:

citat
At the least, this could help a
remote attacker launch a denial of service attack as the parent process
will eventually have to replace the terminated child process, and starting
new children uses non-trivial amounts of resources.
/citat

T.e. problema ne e samo v exploita...




yasho wrote:

Az sym typ i ne razbiram - shto nqkoi ne zeme da mi obiasni kakyv mi e problema kato 
izlezne klienta sys SEGFAULT i zatvoria connection-a ? a?
Ili moje bi vie polzvat 64-bit Unixi ili Winboze ili Netware ?


-- 

Peter Kirkov



A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-21 Thread Lechev [AngelFire] 


ne bydi prekaleno siguren che samo windows i 64bit unix sa exploitable




Attached is a remote Apache 1.3.X exploit for the chunking
vulnerability.  This version of the exploit works only on OpenBSD. 
Experts have argued as to why this is not exploitable on x86/*nix. 
This version of the exploit has been modified to convince these
experts that they are wrong.  Further, it is very ./friendly and all
scriptkids/penetration testers should be able to run it without any
trouble.

My God have mercy on our souls.

- -GOBBLES Security

On Fri, 2002-06-21 at 10:11, yasho wrote:
 Az sym typ i ne razbiram - shto nqkoi ne zeme da mi obiasni kakyv mi e problema kato 
izlezne klienta sys SEGFAULT i zatvoria connection-a ? a?
 Ili moje bi vie polzvat 64-bit Unixi ili Winboze ili Netware ?
 -- 
 Get your free email from www.linuxmail.org 
 

-- 
-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-
  Regards,AngelFire  
  Stanislav Lechev[EMAIL PROTECTED] 
 PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc
   Vega Internet Service Provider (tm)  --  http://www.vega.bg   
-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-=#=-





signature.asc
Description: This is a digitally signed message part

Re: lug-bg: apache remote vulnerability

2002-06-21 Thread Marian Popov 

Az mislia che sym ready .

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
POST /hello-admin.html HTTP/1.1
Host: home.mano.ca
Transfer-Encoding: chunked

8001
HTTP/1.1 400 Bad Request
Date: Fri, 21 Jun 2002 09:02:49 GMT
Server: Apache/1.3.26 (Unix) PHP/4.2.1
Connection: close
Content-Type: text/html; charset=iso-8859-1

!DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
HTMLHEAD
TITLE400 Bad Request/TITLE
/HEADBODY
H1Bad Request/H1
Your browser sent a request that this server could not understand.P
HR
ADDRESSApache/1.3.26 Server at wireless.pazardjik.com Port 80/ADDRESS
/BODY/HTML
Connection closed by foreign host.


Taka li triabvashe da stane ?

mano


A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-21 Thread yasho 

Dobre de az go iztestvah moia apah s tva 4udo deto beshe publikuvano tuk - 
edinstvenoto koeto stana e 4e  childa mi izleze sys SEGFAULT i zatvori connection-a  
vyprosa mi e deistvitelno prost i ne se zaiajdam - kyde e security hole-a ili kak tam 
da go nareka c situaciata ? Ne sym prevyrjenik da updatevam server samo zaradi 
update-a . Tova e.
- Original Message -
From: Stefan Myankov [EMAIL PROTECTED]
Date: 21 Jun 2002 11:22:56 +
To: [EMAIL PROTECTED]
Subject: Re: lug-bg: apache remote vulnerability


 Íà ïò, 2002-06-21 â 07:11, yasho çàïèñà:
  Az sym typ i ne razbiram - shto nqkoi ne zeme da mi obiasni kakyv mi e problema 
kato izlezne klienta sys SEGFAULT i zatvoria connection-a ? a?
  Ili moje bi vie polzvat 64-bit Unixi ili Winboze ili Netware ?
  -- 
 Umstvenite ti sposobnosti nema da gi commentirame, no neka samo ti kaja
 che i 32bit platformite sa xploitable, i predi dva dena publichno izleze
 xploit za OpenBSD/Apache, v source na koito pisheshe che ALL platformi
 sa vulnerable i tova e samo Proof-of-Concept.
 BRGDS
 Stefan Myankov
 
 
 A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
 http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
 To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
 
 

-- 
Get your free email from www.linuxmail.org 


Powered by Outblaze

A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-21 Thread Vasil Kolev 

Az pone vchera razbrah, che ima publichen exploit za Openbsd (32bit )za
apache. Spored comment-ite v source, ima takiva exploiti i za linux i
t.n., vupreki che spored avtora bili ebasi koshmara da se napishat.

Dneska veche v debian unstable ima apache-1.3.26, taka che veche
edinstvenoto opravdanie za neupdate-nalite si e tehniq murzel.

On Fri, 21 Jun 2002, yasho  wrote:

 Az sym typ i ne razbiram - shto nqkoi ne zeme da mi obiasni kakyv mi e problema kato 
izlezne klienta sys SEGFAULT i zatvoria connection-a ? a?
 Ili moje bi vie polzvat 64-bit Unixi ili Winboze ili Netware ?
 --
 Get your free email from www.linuxmail.org


A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

RE: lug-bg: apache remote vulnerability

2002-06-21 Thread Nikolai Abromov 

http://online.securityfocus.com/archive/1/277938/2002-06-18/2002-06-24/0
eto linka za threada- .


br,nick 

-Original Message-
From: Boyan Krosnov 
Sent: Thursday, June 20, 2002 10:50 PM
To: [EMAIL PROTECTED]
Subject: RE: lug-bg: apache remote vulnerability


da.

FLAMES
zashto podqwolite horata ne chetat kakwo pishe w Advisory-to?
/FLAMES

BR,
Boyan

 -Original Message-
 From: Marian Popov [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, June 20, 2002 9:38 PM
 To: [EMAIL PROTECTED]
 Subject: Re: lug-bg: apache remote vulnerability
 
 
 Transfer-Encoding: chunked
 
 8001
 Connection closed by foreign host.
 
 
 Tova oznachava li che triabva da upgrade ?


A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara
Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html



A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-21 Thread Stefan Myankov 

Íà ïò, 2002-06-21 â 09:09, yasho çàïèñà:
 Dobre de az go iztestvah moia apah s tva 4udo deto beshe publikuvano tuk - 
edinstvenoto koeto stana e 4e  childa mi izleze sys SEGFAULT i zatvori connection-a  
vyprosa mi e deistvitelno prost i ne se zaiajdam - kyde e security hole-a ili kak tam 
da go nareka c situaciata ? Ne sym prevyrjenik da updatevam server samo zaradi 
update-a . Tova e.
Znachi, exploita nqma da ti proraboti prosto zashtoto e pisan za OpenBSD
i shellcodez i offset e praveno za OpenBSD. A ne si li se zamislql che
shtom child-a ti exitva sys SEGFAULT znachi ima potencialna vyzmojnost
tochno togava kogato exitva da se insert shellcode?:) Nikoi ne ti govori
za update prosto za ideqta.. ne sluchaino thread-a e tolkova diskutiran.
Ako sigurnostta za sistemata ti e vajna go napravi, ako ne ti se pravi
ili ne ti puka feel free to forget about it.
BRGDS
Stefan Myankov


A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-20 Thread Marian Popov 

Eto go i moito


HTTP/1.1 400 Bad Request
Date: Thu, 20 Jun 2002 17:34:47 GMT
Server: Apache/1.3.24 (Unix) PHP/4.1.2
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

173
!DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
HTMLHEAD
TITLE400 Bad Request/TITLE
/HEADBODY
H1Bad Request/H1
Your browser sent a request that this server could not understand.P
Request header field is missing colon separator.P
PRE
8001/PRE
P
HR
ADDRESSApache/1.3.24 Server at wireless.pazardjik.com Port 80/ADDRESS
/BODY/HTML

0

Connection closed by foreign host.

Taka li triabva da e ili ne ?

 àìè àç ïà÷íàõ debian source package-a îò testing è unsable (apache 1.3.24)
ñ
 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch ñ
ëåêè
 ìîäèôèêàöèè è ñå apply-íà ÷èñòî óæ, èíà÷å òðåáå äà downgrade äî apache
1.3.9
 îò stable ùîòî DSA ñå ãðèæàò ñàìî çà stable. Òà ïðåäè äà ïà÷íà 1.3.24 ñ
òîçè
 òåñò íàïðàâî ìè çàòâàðåøå êîíåêöèÿòà, à ñëåä êàòî ãî ïà÷íàõ ïëþå Bad
Request,
 íî ïàê close-âà connection-a:

 HTTP/1.1 400 Bad Request
 Date: Thu, 20 Jun 2002 17:00:07 GMT
 Server: Apache/1.3.24 (Unix) Debian GNU/Linux mod_python/2.7.6
Python/2.1.3
 PHP/4.1.2
 mod_fastcgi/2.2.12 mod_auth_pgsql/0.9.12 mod_throttle/3.1.2 mod_ssl/2.8.7
 OpenSSL/0.9.6c mod_perl/1.26 DAV/1.0.3
 Connection: close
 Content-Type: text/html; charset=iso-8859-1

 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
 HTMLHEAD
 TITLE400 Bad Request/TITLE
 /HEADBODY
 H1Bad Request/H1
 Your browser sent a request that this server could not understand.P
 Invalid URI in request  POST /index.html HTTP/1.1P
 HR
 ADDRESSApache/1.3.24 Server at localhost Port 80/ADDRESS
 /BODY/HTML
 Connection closed by foreign host.

 Òîâà safe ëè å ? èëè ïàê óìèðà child-à è parent-à ìîæå äà íàïðàâè íåêâè
 äèâîòèè ñ ðåñóðñèòå ?
 --
 Greets,
 fr33zb1


 A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
 http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara
Zagora
 To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html





A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

RE: lug-bg: apache remote vulnerability

2002-06-20 Thread Boyan Krosnov 

Ne si postawil zadyljitelniq prazen red sled header chastta na query-to
:)
t.e. Sled Transfer-encoding:... reda

BR,
Boyan

 -Original Message-
 From: Marian Popov [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, June 20, 2002 8:39 PM
 To: [EMAIL PROTECTED]
 Subject: Re: lug-bg: apache remote vulnerability
 
 
 Eto go i moito
 
 
 HTTP/1.1 400 Bad Request
 Date: Thu, 20 Jun 2002 17:34:47 GMT
 Server: Apache/1.3.24 (Unix) PHP/4.1.2
 Connection: close
 Transfer-Encoding: chunked
 Content-Type: text/html; charset=iso-8859-1
 
 173
 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
 HTMLHEAD
 TITLE400 Bad Request/TITLE
 /HEADBODY
 H1Bad Request/H1
 Your browser sent a request that this server could not understand.P
 Request header field is missing colon separator.P
 PRE
 8001/PRE
 P
 HR
 ADDRESSApache/1.3.24 Server at wireless.pazardjik.com Port 
 80/ADDRESS
 /BODY/HTML
 
 0
 
 Connection closed by foreign host.
 
 Taka li triabva da e ili ne ?
 
  àìè àç ïà÷íàõ debian source package-a îò testing è unsable 
 (apache 1.3.24)
 ñ
  
 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch ñ
 ëåêè
  ìîäèôèêàöèè è ñå apply-íà ÷èñòî óæ, èíà÷å òðåáå äà 
 downgrade äî apache
 1.3.9
  îò stable ùîòî DSA ñå ãðèæàò ñàìî çà stable. Òà ïðåäè äà 
 ïà÷íà 1.3.24 ñ
 òîçè
  òåñò íàïðàâî ìè çàòâàðåøå êîíåêöèÿòà, à ñëåä êàòî ãî ïà÷íàõ ïëþå Bad
 Request,
  íî ïàê close-âà connection-a:
 
  HTTP/1.1 400 Bad Request
  Date: Thu, 20 Jun 2002 17:00:07 GMT
  Server: Apache/1.3.24 (Unix) Debian GNU/Linux mod_python/2.7.6
 Python/2.1.3
  PHP/4.1.2
  mod_fastcgi/2.2.12 mod_auth_pgsql/0.9.12 mod_throttle/3.1.2 
 mod_ssl/2.8.7
  OpenSSL/0.9.6c mod_perl/1.26 DAV/1.0.3
  Connection: close
  Content-Type: text/html; charset=iso-8859-1
 
  !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
  HTMLHEAD
  TITLE400 Bad Request/TITLE
  /HEADBODY
  H1Bad Request/H1
  Your browser sent a request that this server could not 
 understand.P
  Invalid URI in request  POST /index.html HTTP/1.1P
  HR
  ADDRESSApache/1.3.24 Server at localhost Port 80/ADDRESS
  /BODY/HTML
  Connection closed by foreign host.
 
  Òîâà safe ëè å ? èëè ïàê óìèðà child-à è parent-à ìîæå äà 
 íàïðàâè íåêâè
  äèâîòèè ñ ðåñóðñèòå ?
  --
  Greets,
  fr33zb1
 
 ==
 ==
  A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
  http://www.linux-bulgaria.org - Hosted by Internet Group 
 Ltd. - Stara
 Zagora
  To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
 
 ==
 ==
 
 
 ==
 ==
 A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
 http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. 
 - Stara Zagora
 To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
 ==
 ==
 

A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-20 Thread Georgi Chorbadzhiyski 

George Danchev wrote:
 On Thursday 20 June 2002 17:41, Georgi Chorbadzhiyski wrote:
 
za subject-ta ima veche ot 2 dni pachove. ot barziat mi pregled iz
.bg prostanstvoto mnogo malko hora sa si napravili truda si
upgratnat serverchetata. ne se motaite shtoto v nai-skoro vreme
shte pochne da stava interesno.
za da testvate dali ste vulnerable opitaite tova

telnet server 80

POST /hello-admin.html HTTP/1.1
Host: georgi.top.bg
Transfer-Encoding: chunked

8001
boza
0


ako vi dropne konekciata hubavo e da se pogrizhite da si pusnete
apt-get update, up2date ili kvoto tam si puskate.
ako vi dade 400 bad request, spete spokoino.
 
 
 àìè àç ïà÷íàõ debian source package-a îò testing è unsable (apache 1.3.24) ñ 
 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch ñ ëåêè 
 ìîäèôèêàöèè è ñå apply-íà ÷èñòî óæ, èíà÷å òðåáå äà downgrade äî apache 1.3.9 
 îò stable ùîòî DSA ñå ãðèæàò ñàìî çà stable. Òà ïðåäè äà ïà÷íà 1.3.24 ñ òîçè 
 òåñò íàïðàâî ìè çàòâàðåøå êîíåêöèÿòà, à ñëåä êàòî ãî ïà÷íàõ ïëþå Bad Request, 
 íî ïàê close-âà connection-a:
 
 HTTP/1.1 400 Bad Request
 Date: Thu, 20 Jun 2002 17:00:07 GMT
 Server: Apache/1.3.24 (Unix) Debian GNU/Linux mod_python/2.7.6 Python/2.1.3 
 PHP/4.1.2
 mod_fastcgi/2.2.12 mod_auth_pgsql/0.9.12 mod_throttle/3.1.2 mod_ssl/2.8.7 
 OpenSSL/0.9.6c mod_perl/1.26 DAV/1.0.3
 Connection: close
 Content-Type: text/html; charset=iso-8859-1
 
 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
 HTMLHEAD
 TITLE400 Bad Request/TITLE
 /HEADBODY
 H1Bad Request/H1
 Your browser sent a request that this server could not understand.P
 Invalid URI in request  POST /index.html HTTP/1.1P
 HR
 ADDRESSApache/1.3.24 Server at localhost Port 80/ADDRESS
 /BODY/HTML
 Connection closed by foreign host.
 
 Òîâà safe ëè å ? èëè ïàê óìèðà child-à è parent-à ìîæå äà íàïðàâè íåêâè 
 äèâîòèè ñ ðåñóðñèòå ?

Äîêîëêîòî ïðî÷åòîõ, ùîì òè ïîêàçâà ãðåøêàòà çíà÷è å íàðåä (òîåñò íå å óÿçâèìî),
àêî ïðîñòî òè çàòâîðè êîíåêöèÿòà çíà÷è _íå å_ íàðåä :(
Ïðåãëåäàé ñè error_log-îâåòå íà ñúðâúðà çà ñúîáùåíèÿ îò ñîðòà íà

[Tue Jun 20 21:16:34 2002] [notice] Parent: child process exited with status 
3221225477 -- Restarting.

Àêî ñëåä îáíîâÿâàíåòî ïðîäúëæàâà äà èìà òàêèâà ñúîáùåíèÿ íå å íà õóáàâî :)

-- 
Georgi Chorbadzhiyski
http://georgi.top.bg/


A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-20 Thread Marian Popov 

Transfer-Encoding: chunked

8001
Connection closed by foreign host.


Tova oznachava li che triabva da upgrade ?


- Original Message -
From: George Danchev [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 20, 2002 8:09 PM
Subject: Re: lug-bg: apache remote vulnerability


 On Thursday 20 June 2002 17:41, Georgi Chorbadzhiyski wrote:
  za subject-ta ima veche ot 2 dni pachove. ot barziat mi pregled iz
  .bg prostanstvoto mnogo malko hora sa si napravili truda si
  upgratnat serverchetata. ne se motaite shtoto v nai-skoro vreme
  shte pochne da stava interesno.
  za da testvate dali ste vulnerable opitaite tova
 
  telnet server 80
 
  POST /hello-admin.html HTTP/1.1
  Host: georgi.top.bg
  Transfer-Encoding: chunked
 
  8001
  boza
  0
 
 
  ako vi dropne konekciata hubavo e da se pogrizhite da si pusnete
  apt-get update, up2date ili kvoto tam si puskate.
  ako vi dade 400 bad request, spete spokoino.

 àìè àç ïà÷íàõ debian source package-a îò testing è unsable (apache 1.3.24)
ñ
 ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/005_httpd.patch ñ
ëåêè
 ìîäèôèêàöèè è ñå apply-íà ÷èñòî óæ, èíà÷å òðåáå äà downgrade äî apache
1.3.9
 îò stable ùîòî DSA ñå ãðèæàò ñàìî çà stable. Òà ïðåäè äà ïà÷íà 1.3.24 ñ
òîçè
 òåñò íàïðàâî ìè çàòâàðåøå êîíåêöèÿòà, à ñëåä êàòî ãî ïà÷íàõ ïëþå Bad
Request,
 íî ïàê close-âà connection-a:

 HTTP/1.1 400 Bad Request
 Date: Thu, 20 Jun 2002 17:00:07 GMT
 Server: Apache/1.3.24 (Unix) Debian GNU/Linux mod_python/2.7.6
Python/2.1.3
 PHP/4.1.2
 mod_fastcgi/2.2.12 mod_auth_pgsql/0.9.12 mod_throttle/3.1.2 mod_ssl/2.8.7
 OpenSSL/0.9.6c mod_perl/1.26 DAV/1.0.3
 Connection: close
 Content-Type: text/html; charset=iso-8859-1

 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
 HTMLHEAD
 TITLE400 Bad Request/TITLE
 /HEADBODY
 H1Bad Request/H1
 Your browser sent a request that this server could not understand.P
 Invalid URI in request  POST /index.html HTTP/1.1P
 HR
 ADDRESSApache/1.3.24 Server at localhost Port 80/ADDRESS
 /BODY/HTML
 Connection closed by foreign host.

 Òîâà safe ëè å ? èëè ïàê óìèðà child-à è parent-à ìîæå äà íàïðàâè íåêâè
 äèâîòèè ñ ðåñóðñèòå ?
 --
 Greets,
 fr33zb1


 A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
 http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara
Zagora
 To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html





A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

RE: lug-bg: apache remote vulnerability

2002-06-20 Thread Boyan Krosnov 

da.

FLAMES
zashto podqwolite horata ne chetat kakwo pishe w Advisory-to?
/FLAMES

BR,
Boyan

 -Original Message-
 From: Marian Popov [mailto:[EMAIL PROTECTED]] 
 Sent: Thursday, June 20, 2002 9:38 PM
 To: [EMAIL PROTECTED]
 Subject: Re: lug-bg: apache remote vulnerability
 
 
 Transfer-Encoding: chunked
 
 8001
 Connection closed by foreign host.
 
 
 Tova oznachava li che triabva da upgrade ?

A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-20 Thread Georgi Chorbadzhiyski 

Marian Popov wrote:
 Eto go i moito
 
 
 HTTP/1.1 400 Bad Request
 Date: Thu, 20 Jun 2002 17:34:47 GMT
 Server: Apache/1.3.24 (Unix) PHP/4.1.2
 Connection: close
 Transfer-Encoding: chunked
 Content-Type: text/html; charset=iso-8859-1
 
 173
 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
 HTMLHEAD
 TITLE400 Bad Request/TITLE
 /HEADBODY
 H1Bad Request/H1
 Your browser sent a request that this server could not understand.P
 Request header field is missing colon separator.P
 PRE
 8001/PRE
 P
 HR
 ADDRESSApache/1.3.24 Server at wireless.pazardjik.com Port 80/ADDRESS
 /BODY/HTML
 
 0
 
 Connection closed by foreign host.
 
 Taka li triabva da e ili ne ?

Hmm neznaia kak pravite copy+paste obache az wizhdam tova:

gf@gf:~$ telnet www.pazardjik.com 80
Trying 212.116.152.20...
Connected to www.pazardjik.com.
Escape character is '^]'.
POST /hello-admin.html HTTP/1.1
Host: georgi.top.bg
Transfer-Encoding: chunked

8001
boza
0
Connection closed by foreign host.
gf@gf:~$


-- 
Georgi Chorbadzhiyski
http://georgi.top.bg/


A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-20 Thread George Danchev 

On Thursday 20 June 2002 21:37, Marian Popov wrote:
 Transfer-Encoding: chunked

 8001
 Connection closed by foreign host.


 Tova oznachava li che triabva da upgrade ?

äà. äàâàé äîêàòî å âðåìå ;-)  îñâåí òîâà äåòî êàçà ×îðáàäæèéñêè, ïðè 
òåñòà â ëîãà àêî âñè÷êî å ÎÊ ïîëó÷àâàø 127.0.0.1 - - [20/Jun/2002:22:07:50 
+0300] POST /index.html HTTP/1.1 400 281 - - 

Áóèëäíàõ è åäíî 2.0.39 (upstream sources), ïðè òåñòà:
---
Transfer-Encoding: chunked

8001
HTTP/1.1 413 Request Entity Too Large
Date: Thu, 20 Jun 2002 19:13:06 GMT
Server: Apache/2.0.39 (Unix)
Vary: accept-language
Accept-Ranges: bytes
Content-Length: 762
Connection: close
Content-Type: text/html; charset=ISO-8859-1


!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN
HTML
HEAD
TITLERequest entity too large!/TITLE
--
/HTML

Connection closed by foreign host.

íèùî ëîøî â ëîãà, âå÷å HTTP/1.1 413 Request Entity Too Large ìàé å 
ïî-èíòåëèãåíòåí îòãîâîð äà ñå êàæå íà àòàêåðà äà îäè ó ëåâî ...
-- 
Greets,
fr33zb1

A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html

Re: lug-bg: apache remote vulnerability

2002-06-20 Thread Marian Popov 

  8001
  Connection closed by foreign host.
 
 
  Tova oznachava li che triabva da upgrade ?

 äà. äàâàé äîêàòî å âðåìå ;-)  îñâåí òîâà äåòî êàçà ×îðáàäæèéñêè, ïðè
 òåñòà â ëîãà àêî âñè÷êî å ÎÊ ïîëó÷àâàø 127.0.0.1 - - [20/Jun/2002:22:07:50
 +0300] POST /index.html HTTP/1.1 400 281 - -

 Áóèëäíàõ è åäíî 2.0.39 (upstream sources), ïðè òåñòà:



Ne znam kv ostava no patchnah src i prekompilirah apache.

[Fri Jun 21 02:08:31 2002] [notice] child pid 26292 exit signal Segmentation
fault (11)

Pak syshtata rabota.

versiata m ie 1.3.24
Tva imashe li go i v 1.3.26 ili ne ta ako neshto da smenia versiata shtom
patcha ne work-va

mano


 ---
 Transfer-Encoding: chunked

 8001
 HTTP/1.1 413 Request Entity Too Large
 Date: Thu, 20 Jun 2002 19:13:06 GMT
 Server: Apache/2.0.39 (Unix)
 Vary: accept-language
 Accept-Ranges: bytes
 Content-Length: 762
 Connection: close
 Content-Type: text/html; charset=ISO-8859-1


 !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN
 HTML
 HEAD
 TITLERequest entity too large!/TITLE
 --
 /HTML

 Connection closed by foreign host.

 íèùî ëîøî â ëîãà, âå÷å HTTP/1.1 413 Request Entity Too Large ìàé å
 ïî-èíòåëèãåíòåí îòãîâîð äà ñå êàæå íà àòàêåðà äà îäè ó ëåâî ...
 --
 Greets,
 fr33zb1


 A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
 http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara
Zagora
 To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html





A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html