[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Serous TUX 2.4.9-J5 problem



Sabias disto ? A confirmar-se convém fazer um upgrade aos nossos
Apaches ASAP...

mcc



tux> On Thursday 20 September 2001 10:42 am, Nathan G. Grennan wrote:
tux> [Chop]
tux> >I restarted Tux fresh and telneted to port 80 and pasted the line in and
tux> > sure enough it instantly crashed. I believe the line I used was:
tux> >
tux> > GET /scripts /..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0
tux> 
tux> Apache 1.3.20 (and presumably earlier) has a similar bug. I noticed this 
tux> during the recent worming. It may be related to Tux's problem. Here's how to 
tux> reproduce it in Apache:
tux> 
tux> 1) You need to redirect 404s to a 404 document:
tux> ErrorDocument 404 /fourofour.shtml
tux> 2) You need be parsing that file:
tux> AddHandler server-parsed .shtml
tux> 3) You need to send it a request like:
tux> http://server.com/test%2fing
tux> 
tux> Apache will Segfault and you'll get a "Document returned no data error" in 
tux> the browser.
tux> 
tux> -Jeff
tux> 
tux> 
tux> 
tux> _______________________________________________
tux> tux-list mailing list
tux> tux-list@redhat.com
tux> https://listman.redhat.com/mailman/listinfo/tux-list





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []