Bug 761312

Summary: remote denial of service, unknow source code of exploit, only give the binary
Product: Red Hat Enterprise Linux 6 Reporter: xset1980
Component: httpdAssignee: Joe Orton <jorton>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.1CC: jkaluza, prc
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-09 07:51:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
binary file, is a remote exploit for apache server. none

Description xset1980 2011-12-08 02:27:20 UTC 
Created attachment 542333 [details]
binary file, is a remote exploit for apache server.

Description of problem:

Really i no have RHEL, i use Scientific Linux 6.1 stable, 32 an 64 bit, and both have the same bug (tested in others distros), and launching the exploit, generate in the remote host, a overload in apache, and DoS while the exploit are running in the attacker

Version-Release number of selected component (if applicable):

apache 2.2.15


How reproducible:

launch the exploit, i no have the source code because the author, no show the source code is not a security researcher, is a black hat boy


Steps to Reproduce:
1.download the binary file
2../rapache host
3.
  
Actual results:

Apache crash while the exploit is running


Expected results:


Additional info:

Attach the binary file, downloaded from:

http://myw1sd0m.blogspot.com/2011/09/remote-apache-denial-of-service-exploit.html
http://jayakonstruksi.com/backupintsec/rapache.tgz

bug found by : Nikolaus Rango (Kingcope)
sploit coded by : ev1lut10n
evllut10n's email :  ev1lut10n_exploit
ev1lut10n's gopher : gopher://sdf.org/1/users/ev1lut10 
thanks to: X-hack, Danzel, superman,flyff666,peneter,wenkhairu, fadli,gunslinger,petimati,net_spy, and all my friends and you !
=================
root@ev1l:/home/ev1lut10n# ./rapache 
Remote Apache Denial of Service Exploit by ev1lut10n
[-] Usage : ./rapache hostname
root@ev1l:/home/ev1lut10n# 
===================

===========
affected:
Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19


Actually, my host, log during attack:

in /var/log/httpd/access_log:

::1 - - [07/Dec/2011:22:29:50 -0300] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"
::1 - - [07/Dec/2011:22:29:51 -0300] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"
::1 - - [07/Dec/2011:22:29:52 -0300] "OPTIONS * HTTP/1.0" 200 - "-" "Apache (internal dummy connection)"
Comment 2 xset1980 2011-12-08 02:35:56 UTC 
the internal dummy connection is present when the exploit is stoped, during the exploit the message is:

[07/Dec/2011:23:31:35 -0300] "HEAD / HTTP/1.1" 400 - "-" "-"
Comment 4 xset1980 2011-12-08 17:33:23 UTC 
Similar to bug https://bugzilla.redhat.com/show_bug.cgi?id=761327, really, same bug.
Comment 7 Tomas Hoger 2011-12-09 07:51:16 UTC 

*** This bug has been marked as a duplicate of bug 761327 ***