Vulnerability Development mailing list archives
Re: Follow up:Apache Nosejob
From: Craig <Leusent () typeoneg net>
Date: Thu, 22 Aug 2002 17:59:09 -0400
On August 22, 2002 01:15 pm, you wrote:
After perfiorming some research, I noticed that the apache worm that is plaguing FreeBSD machines uses the following settings (please correct me if I'm wrong): FreeBSD 4.5 x86 / Apache/1.3.20 (Unix): D=-146, B= 0xbfbfde00, R= 6 Z= 36 FreeBSD 4.5 x86 / Apache/1.3.22-24 (Unix) D=-134 B= 0xbfbfdb00 R= 3 Z=36
After viewing the source code for the apache worm, I did some playing around with the offsets, and I found that the following offsets seemed to work on FreeBSD 4.5 w/apache 1.3.23 quite effectively. -b 0xbfbfdc00 -d -134 -r 3 -z 36 Hope this helps, Craig Holmes
Current thread:
- Follow up:Apache Nosejob Jeremy Junginger (Aug 22)
- Re: Follow up:Apache Nosejob Darroch (Aug 22)
- Re: Follow up:Apache Nosejob Craig (Aug 22)