Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Apache 1.3.29
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Fri, 12 Mar 2004 00:13:04 +0100

Le jeu 11/03/2004 à 21:38, VeNoMouS a écrit :
any one know if theres a new exploit for apache 1.3.29 in the wild one
of my mates boxes was breached this morning by ir4dex appears they
gained axx via apache then got root via mmap()

Have you checked PHP and CGI stuff to see if there was a way to
compromise the host using them ? They are often a valuable to gain a
unpriviledged shell on web server.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]