Fwd: bugtraq.c httpd apache ssl attack] (fwd)
Matt Alexander
plug-discuss@lists.plug.phoenix.az.us
Fri, 13 Sep 2002 11:05:48 -0700 (PDT)
---------- Forwarded message ----------
Date: Fri, 13 Sep 2002 10:47:05 -0700
From: Stafford A. Rau <srau@rauhaus.org>
Reply-To: plug@lists.pdxlinux.org
To: plug@lists.pdxlinux.org
Subject: [PLUG] [plhofmei@zionlth.org: Fwd: bugtraq.c httpd apache ssl
attack]
Here's more info about what looks to be a modssl compromise.
--Stafford
----- Forwarded message from Phillip Hofmeister <plhofmei@zionlth.org> -----
Date: Fri, 13 Sep 2002 13:25:28 -0400
From: Phillip Hofmeister <plhofmei@zionlth.org>
To: debian-security@lists.debian.org
Subject: Fwd: bugtraq.c httpd apache ssl attack
Message-ID: <20020913172528.GA12508@zionlth.org>
User-Agent: Mutt/1.4i
X-Mailing-List: <debian-security@lists.debian.org> archive/latest/8890
Even through we are not mentioned are we vulnerable to this attack?
----- Forwarded message from Fernando Nunes <fmcn@netcabo.pt> -----
Envelope-to: plhofmei@zionlth.org
Delivery-date: Fri, 13 Sep 2002 13:20:23 -0400
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Date: 13 Sep 2002 13:55:17 -0000
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: Fernando Nunes <fmcn@netcabo.pt>
To: bugtraq@securityfocus.com
Subject: bugtraq.c httpd apache ssl attack
I am using RedHat 7.3 with Apache 1.3.23. Someone used the
program "bugtraq.c" to explore an modSSL buffer overflow to get access to
a shell. The attack creates a file named "/tmp/.bugtraq.c" and compiles it
using gcc. The program is started with another computer ip address as
argument. All computer files that the user "apache" can read are exposed.
The program attacks the following Linux distributions:
Red-Hat: Apache 1.3.6,1.3.9,1.3.12,1.3.19,1.3.20,1.3.22,1.3.23,1.3.26
SuSe: Apache 1.3.12,1.3.17,1.3.19,1.3.20,1.3.23
Mandrake: 1.3.14,1.3.19
Slakware: Apache 1.3.26
Regards
Fernando Nunes
Portugal
----- End forwarded message -----
--
Phil
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/ | gpg --import
XP Source Code:
#include <win2k.h>
#include <extra_pretty_things_with_bugs.h>
#include <more_bugs.h>
#include <require_system_activation.h>
#include <phone_home_every_so_often.h>
#include <remote_admin_abilities_for_MS.h>
#include <more_restrictive_EULA.h>
#include <sell_your_soul_to_MS_EULA.h>
//os_ver="Windows 2000"
os_ver="Windows XP"
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
----- End forwarded message -----
_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug