Full Disclosure: Re: RE: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: RE: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST)

From: Christian Friedl <xian () mediaclan at>
Date: Sat, 21 Jun 2003 14:05:38 +0200 (METDST)

"mattmurphy () kc rr com" <mattmurphy () kc rr com> writes on 
Fri, 20 Jun 2003 20:48:33 +0200 (METDST):

Had KOEC intended to cause serious damage, that shellcode could have
been
written to execute:

rm -rf /

it is advised that users at least drop the privileges of suspect code
with
'su' -- never run suspect files as highly-privileged users.



Just wanted to add: that won't help much in case it really IS a
local root exploit.

I call stuff like this "local curiosity exploit", admit to have 
fallen for that kind of traps in the past and repent my sins :-)

chris
(stand1ng 1n c0rn3r, watching the x-files) 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

RE: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST), (continued)
- Re: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST) Gareth Bromley (Jun 20)
- RE: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST) Hudak, Tyler (Jun 20)
- RE: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST) mattmurphy () kc rr com (Jun 20)
  - Re: RE: Apache 1.3.27 Remote Root 0-Day Exploit (OFFICIAL POST) Christian Friedl (Jun 21)