Re: Apache buffer overflow attempt


Subject: Re: Apache buffer overflow attempt
From: The Alaskan Bear (akbear@akbearsden.com)
Date: Sun Oct 13 2002 - 01:16:34 AKDT


This wouldn't happen to be the effects of the worm that is out and is directed at the Apache SSL, would it?
I know there have been a lot of reports about a worm that has been put out that was strictly created to actually
go after Linux Apache and the Linux version only. I have not seen any of the output on it, but I wouldn't be
surprised if this is some of the output from it.

-- 
Ted Montgomery
The Alaskan Bear's Den
akbear@akbearsden.com
Registered Linux User: #253251
907-242-9824

-- There are some things lots of money can buy ... -- -- For everything else, there is LINUX ... --

On Sat, Oct 12, 2002 at 10:12:00PM -0800, James Zuelow wrote:
>
> Here's an interesting hit that was directed at www.juneau-lug.org. I've not seen this particular type of buffer overflow in my logs before. Anyone recognise it? There were 20 attempts, all ~1 second apart according to the time stamp.
>
> Cheers,
>
> James
>
> ----Apache log entry
>
> [Fri Oct 11 18:22:56 2002] [error] [client 207.33.111.34] Invalid method in request HEAD%00 /%20HTTP/1.0%0D%0A%0D%0AAccept%3A%20echgncjufwfnuwxcec/../../index.html%3fmmjdpoqufdkcwrx=/../ssrbqjfzisudziohwucbuypjhahahmclgucjbznihslzgjonzzefnqqotnadjfbufderfkhwgswagogsshkygtoesxjvltckrqndqyplbjlavc
> [about 13 lines of apparently random characters stripped]
>
> hpoifyyhtxylrdcnpqrnrcsbxyubbreqinfbavfwojasoqslxcpphnlrkvrniyln/.././ HTTP/1.0
>
> Of the 20, they were all more or less the same except the second attempt which generated a different error:
>
> [Fri Oct 11 18:22:57 2002] [error] [client 207.33.111.34] Invalid method in request GET%00 /%20HTTP/1.0%0D%0A%0D%0AAccept%3A%20hepevbluntodxmq/../../index.html%3frfxbheaihaysvjo=/../znxxlp [snip]
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.

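One way to pick this pattern out of an Apache error log, as an added example that is not part of the original thread: it flags "Invalid method in request" entries carrying percent-encoded NUL/CR/LF or ../ sequences and reports clients that send a burst of them. The sample lines, the 192.0.2.x documentation addresses, the thresholds and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(r"\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
                  r"Invalid method in request (?P<req>.*)")
# Percent-encoded NUL, CR or LF: none of these belong in a request line.
ENCODED_CTRL = re.compile(r"%(00|0d|0a)", re.IGNORECASE)

def suspicious_hits(lines):
    """Yield (timestamp, client) for 'Invalid method' errors with encoded NUL/CR/LF or ../."""
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        req = m.group("req")
        if ENCODED_CTRL.search(req) or "/../" in req:
            yield datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y"), m.group("ip")

def burst_clients(lines, min_hits=5, window=timedelta(seconds=30)):
    """Return {client: total hits} for clients with min_hits hits inside any window."""
    by_client = defaultdict(list)
    for ts, ip in suspicious_hits(lines):
        by_client[ip].append(ts)
    flagged = {}
    for ip, stamps in by_client.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Slide the left edge forward until the span fits in the window.
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= min_hits:
                flagged[ip] = len(stamps)
                break
    return flagged

def sample_log():
    """Constructed log: 20 probes one second apart, plus one unrelated error."""
    base = datetime(2002, 10, 11, 18, 22, 56)
    fmt = "[%s] [error] [client 192.0.2.10] Invalid method in request %s"
    probe = "HEAD%00 /%20HTTP/1.0%0D%0A%0D%0AAccept%3A%20aaaa/../../index.html%3fbbbb=/../cccc/.././ HTTP/1.0"
    lines = [fmt % ((base + timedelta(seconds=i)).strftime("%a %b %d %H:%M:%S %Y"), probe)
             for i in range(20)]
    lines.append("[Fri Oct 11 18:30:00 2002] [error] [client 192.0.2.77] "
                 "File does not exist: /var/www/favicon.ico")
    return lines

if __name__ == "__main__":
    print(burst_clients(sample_log()))
```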



This archive was generated by hypermail 2a23 : Sun Oct 13 2002 - 01:17:34 AKDT