Re: Apache Exploit

From: Michal Zalewski (lcamtuf@coredump.cx)
Date: 06/21/02


Date: Thu, 20 Jun 2002 18:43:49 -0400 (EDT)
From: Michal Zalewski <lcamtuf@coredump.cx>
To: Randy Taylor <rtaylor@enterasys.com>

On Thu, 20 Jun 2002, Randy Taylor wrote:

> Yep it works. Not only that, but preliminary indications are that those
> OS'es not specifically supported in the GOBBLES 'sploit can be DOS'ed by
> it. I've totally hosed RH Linux and FreeBSD boxen with it so far.

How come? At worst, Apache child on Linux should segfault and be restarted
(which is a bit resource- and time-expensive operation, but no biggie).
Perhaps you just DoSed it on TCP level? Or some other symptoms? Just
curious.

-- 
_____________________________________________________
Michal Zalewski [lcamtuf@bos.bindview.com] [security]
[http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
=-=> Did you know that clones never use mirrors? <=-=
          http://lcamtuf.coredump.cx/photo/