[Snort-sigs] Anyone working on sigs for the Apache chunked encodingvulnerability?
syz at ...641...
Tue Jun 18 12:21:07 EDT 2002
Matt Kettler wrote:
> I'm wondering if anyone has a bit more information on this vulnerability so
> that we can start writing sigs for it.
If you send (for example):
GET /killapache.html HTTP/1.0
the child will crash.
> Currently it looks like it's a DoS against any version of Apache on any
> platform, and potentially exploitable on win32 and some 64bit platforms.
Looks like it, yes...
Jun 18 06:23:49 syzop kernel: pid 30992 (apache), uid 33 exited on signal 11 writing 0xc0000000
stack overflow, like they said.
> The available information I can find so far indicates a lot about the high
> level structure of the problem, but so far (somewhat wisely) does not give
> much exploit detail. Unfortunately lack of such detail makes signature
> writing near impossible at this point, so I'm wondering if anyone has
> stumbled across more information than I have.
Bram Matthys (Syzop).
More information about the Snort-sigs