Home page logo

bugtraq logo Bugtraq mailing list archives

Re: ISS Apache Advisory Response
From: Security Admin <security () cyberlink ch>
Date: Mon, 24 Jun 2002 15:03:14 +0200

On Thu, Jun 20, 2002 at 06:06:03PM -0400, Klaus, Chris (ISSAtlanta) wrote:
3)      ISS was not aware of other researchers discovering this
vulnerability nor aware of it in the wild at the time of the release of the

We've got reason to believe that this was already known to some 
black hats by April the 19th. For linux on intel. 

A Friend of mine had a machine compromised on April 19. The intruder
managed to get a shell as user www-data. He hadn't any leads on how
the break-in happened, except for a few thousand lines in the logfile
like this:

[Fri Apr 19 11:06:35 2002] [notice] child pid 25613 exit signal
        Segmentation fault (11)

Incidentally, this corresponds to the effect the exploit from
gobbles shows. 

Peter Keel
Operator in charge for Security       Tel +41 1 287 2992
Cyberlink Internet Services AG        Fax +41 1 287 2991
Richard Wagnerstrasse 6               admin () cyberlink ch
CH-8002 Zuerich                  http://www.cyberlink.ch

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]