[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Apache Exploit problem - what have you done?
- Subject: RE: [cobalt-users] Apache Exploit problem - what have you done?
- From: "Gavin Nelmes-Crocker" <cobalt@xxxxxxxxxxxxxxxx>
- Date: Mon Jun 24 14:38:55 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> At 04:10 PM 6/24/2002 -0400, you wrote:
> >Perhaps, I'm wrong, but I get the distinct impression that all the
> >"software" at www.eeye.com does is look at the version of
> apache that
> >is returned for an HTTP connect (probably just a HEAD). If
> the version
> >is 1.3 then if the release is less than 26, its vurnerable if 26 or
> >greater its not. If the version is 2.0 then a similar check on the
> >release is done. I'd don't believe that the eeye.com
> software atually
> >checkes to see if the site is actually vurnerable to the exploit.
>
> That is what I thought at first but have since changed my
> mind. I think it
> actually sends chunked data then checks for the response.
> If I scan my box with the eeye.com tool before applying the
> blowchunks
> workaround my server shows up as vulnerable and I get:
> [Sat Jun 22 19:31:42 2002] [notice] child pid 11161 exit signal
> Segmentation fault (11)
> -- which is, I believe, the vulnerability in action.
mm just tested this on a customers network - and seen some good some bad
results but what I did notice is that you can scan anything you don't
have to be near the network to do it
What a tool for the other side of the community as well (hackers, script
kiddies etc)
Gavin