Support

Nokki · #1 06-12-2010, 09:02 PM

http://r00tsecurity.org/forums/topic...-byte-exploit/

for real?

JLHC · #2 06-12-2010, 11:18 PM

Also: http://www.webhostingtalk.com/showthread.php?t=955773

brrr · #3 06-13-2010, 02:08 AM

That doesn't seem like a terribly sophisticated script.

It would be rather strange & disappointing if it does indeed let someone suck up a permissions restricted file off a LSWS server, and perhaps set up the attacker to do even more.

MikeDVB · #4 06-13-2010, 04:05 AM

Perhaps this is an old bug that was fixed and only affects those that haven't upgraded?

I've tested this on 4.0.13 and 4.0.14 on x86 and x64 and it's not working.

DanEZPZ · #5 06-13-2010, 06:34 AM

There's another version floating about which does work.

This needs patching immediately. If the mods want the link to the other version, PM me.

AndrewT · #6 06-13-2010, 06:58 AM

I can confirm that it does work on 4.0.14. A mod_security rule appears to sufficiently block the attempts at this time.

DanEZPZ · #7 06-13-2010, 07:00 AM

What rule are you using? There are two versions of this exploit and the rule in the WHT thread only works for one.

MikeDVB · #8 06-13-2010, 07:05 AM

I've also now verified that this is indeed a legitimate vulnerability and exploit.