Assuming for the moment that I find it unworkable to turn Squid back on, are
there some other hacks I can do? Here are a few things I (as a
mostly-unix-ignorant user) can think of:
1. Spoof the version of Apache that my server generates when queried?
2. Monitor the tmp directory with something like PageSentry, and if anything
changes in that directory, reboot the computer?
3. Spoof other queryable information like the CPU, OS, etc. to make my
machine look like an Intel box or something, so when a hacker tries to write
code for it, it fails.
4. Some other clever but simple stuff like that that y'all can think of?
Also, just a point of clarification... On this page:
<http://httpd.apache.org/info/security_bulletin_20020617.txt>, they say
this:
> Versions of the Apache web server up to and including 1.3.24 and 2.0 up to
> and including 2.0.36 contain a bug in the routines which deal with invalid
> requests which are encoded using chunked encoding. This bug can be triggered
> remotely by sending a carefully crafted invalid request. This functionality
> is enabled by default.
It's the last sentence that interests me. Are they implying that something
can be reconfigured to turn off "this functionality," and if so, what would
be lost?
P.S. Interesting aside: This page http://online.securityfocus.com/bid/5033
does not mention Apache 1.2.6, though I assume it still applies....
P.P.S. Second aside: It seems that the two most public hacks:
http://downloads.securityfocus.com/vulnerabilities/exploits/apache-nosejob.c
http://downloads.securityfocus.com/vulnerabilities/exploits/apache-scalp.c
are targeted at BSD versions of Apache 1.3 only. Assuming I'm reading the
code correctly.... Or is this just some extra code to also include BSD
versions?
    struct {
        char *type;
        u_long retaddr;
    } targets[] = { // hehe, yes theo, that say OpenBSD here!
        { "OpenBSD 3.0 x86 / Apache 1.3.20", 0xcf92f },
        { "OpenBSD 3.0 x86 / Apache 1.3.22", 0x8f0aa },
        { "OpenBSD 3.0 x86 / Apache 1.3.24", 0x90600 },
        { "OpenBSD 3.1 x86 / Apache 1.3.20", 0x8f2a6 },
        { "OpenBSD 3.1 x86 / Apache 1.3.23", 0x90600 },
        { "OpenBSD 3.1 x86 / Apache 1.3.24", 0x9011a },
        { "OpenBSD 3.1 x86 / Apache 1.3.24 #2", 0x932ae },
    };
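The bulletin quoted above talks about "invalid requests which are encoded using chunked encoding". As an added illustration (not code from the original post, and not Apache's own request parser), here is a strict chunked-body decoder in Python that shows the kind of validation a server has to apply to the chunk-size line: non-hex, over-long, oversized or truncated chunks are rejected outright instead of being interpreted. The size limits and the sample requests are constructed for this example, and the code does not attempt to model the specific Apache defect, which the post does not describe.

```python
"""Strict decoder for HTTP/1.1 chunked transfer encoding (added example).

Not Apache code. Demonstrates the defensive posture for "invalid" chunked
requests: validate the chunk-size line against a tight grammar and explicit
limits, and refuse anything that does not fit.
"""
import re

# Policy limits chosen for the example (hypothetical values).
MAX_CHUNK_SIZE = 1 << 20       # 1 MiB per chunk
MAX_BODY_SIZE = 8 << 20        # 8 MiB de-chunked body
MAX_SIZE_LINE_LEN = 64         # hex digits plus optional chunk extension

# chunk-size = 1*HEXDIG, optionally followed by ";" and a chunk extension.
# Capping at 8 hex digits keeps the parsed value inside 32 bits, so the
# arithmetic below never has to cope with an absurdly large size.
_SIZE_LINE = re.compile(rb"^([0-9A-Fa-f]{1,8})(?:;[^\r\n]*)?$")


class ChunkedDecodeError(ValueError):
    """Raised when the chunked body is malformed or violates a limit."""


def decode_chunked(body: bytes) -> bytes:
    """Return the de-chunked payload or raise ChunkedDecodeError."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ChunkedDecodeError("missing CRLF after chunk-size line")
        line = body[pos:eol]
        if len(line) > MAX_SIZE_LINE_LEN:
            raise ChunkedDecodeError("chunk-size line too long")
        m = _SIZE_LINE.match(line)
        if m is None:
            # Covers signs, non-hex characters, empty lines, too many digits.
            raise ChunkedDecodeError("malformed chunk-size line: %r" % line)
        size = int(m.group(1), 16)
        if size > MAX_CHUNK_SIZE:
            raise ChunkedDecodeError("chunk size %d exceeds limit" % size)
        pos = eol + 2
        if size == 0:
            # last-chunk: zero or more trailer lines, then an empty line.
            while True:
                eol = body.find(b"\r\n", pos)
                if eol < 0:
                    raise ChunkedDecodeError("unterminated trailer section")
                if eol == pos:
                    return bytes(out)
                pos = eol + 2
        if len(out) + size > MAX_BODY_SIZE:
            raise ChunkedDecodeError("de-chunked body exceeds limit")
        data = body[pos:pos + size]
        if len(data) != size:
            raise ChunkedDecodeError("truncated chunk data")
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkedDecodeError("chunk data not followed by CRLF")
        out += data
        pos += size + 2


def classify(body: bytes) -> str:
    """Helper for logging: 'ok' or 'rejected: <reason>'."""
    try:
        decode_chunked(body)
        return "ok"
    except ChunkedDecodeError as exc:
        return "rejected: " + str(exc)


# Constructed sample bodies (not captured traffic).
SAMPLE_VALID = b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"
SAMPLE_WITH_EXT_AND_TRAILER = b"4;ext=1\r\nWiki\r\n0\r\nX-Note: t\r\n\r\n"
SAMPLE_HUGE_SIZE = b"FFFFFFFF\r\nx\r\n0\r\n\r\n"
SAMPLE_SIGNED_SIZE = b"-1\r\n0\r\n\r\n"
SAMPLE_TRUNCATED = b"A\r\nshort\r\n"

if __name__ == "__main__":
    for name, sample in [("valid", SAMPLE_VALID),
                         ("ext+trailer", SAMPLE_WITH_EXT_AND_TRAILER),
                         ("huge", SAMPLE_HUGE_SIZE),
                         ("signed", SAMPLE_SIGNED_SIZE),
                         ("truncated", SAMPLE_TRUNCATED)]:
        print("%-12s %s" % (name, classify(sample)))
```

The design point is that every rejection happens before any size is used for indexing or allocation: the grammar bounds the number of digits, the limits bound the value, and the length checks bound the reads, so a "carefully crafted invalid request" of this family is refused at the parse step.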