Fwd: [VulnWatch] Apache 1.3.X Exploit

si sta tanto parlando di questo exploit...

e molti credono con le piattaforme i386 siano immuni...

ma a giudicare da questa mail, io farei un giro sul sito dei gobbles


>Mailing-List: contact vulnwatch-help@vulnwatch.org; run by ezmlm
>List-Post: <mailto:vulnwatch@vulnwatch.org>
>List-Help: <mailto:vulnwatch-help@vulnwatch.org>
>List-Unsubscribe: <mailto:vulnwatch-unsubscribe@vulnwatch.org>
>List-Subscribe: <mailto:vulnwatch-subscribe@vulnwatch.org>
>Delivered-To: mailing list vulnwatch@vulnwatch.org
>Delivered-To: moderator for vulnwatch@vulnwatch.org
>From: gobbles@hushmail.com
>To: vulnwatch@vulnwatch.org
>Date: Wed, 19 Jun 2002 15:00:55 -0700
>Subject: [VulnWatch] Apache 1.3.X Exploit
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>There's been a lot of argument suggesting that the socalled "chunking" 
>vulnerability in Apache is not exploitable on x86/*nix.  A lot of experts 
>have offered good arguments as to why it can't be exploited.
>
>Unfortunately, most experts are not turkies.
>
>GOBBLES Security proudly presents a proof-of-concept code for this 
>vulnerability.  This exploit will work on OpenBSD 3.0 and 3.1, with any 
>vulnerable 1.3.x httpd running.
>
>God have mercy on our souls.
>
>- -GOBBLES Security
>
>-----BEGIN PGP SIGNATURE-----
>Version: Hush 2.1
>Note: This signature can be verified at https://www.hushtools.com
>
>wlwEARECABwFAj0Q/c8VHGdvYmJsZXNAaHVzaG1haWwuY29tAAoJEBzRp5chmbAPkMoA
>oK65Y+l6o1u8rWRZkR7lPPzRoiTsAKCwnIlgb6ZZQ9/X+VV9HgqwfFoJWw==
>=Cwih
>-----END PGP SIGNATURE-----


    --==> ALoR <==---------------------- -  -   -

There are only 10 types of people in this world...
those who understand binary, and those who don't.


________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List