Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Apache 1.3.29
From: "VeNoMouS" <venom () gen-x co nz>
Date: Fri, 12 Mar 2004 15:52:46 +1300

heh after the 10 or so emails i got stating almost the same thing i said it
was a mates box, NOT MINE.

how ever i did tell him to look at the logs and he did say there were alot
of the following

"\x80j\x01\x03\x01"

but how can j be in there is what i dont get *shrug*
----- Original Message ----- 
From: "Cedric Blancher" <blancher () cartel-securite fr>
To: "VeNoMouS" <venom () gen-x co nz>
Cc: <full-disclosure () lists netsys com>
Sent: Friday, March 12, 2004 12:13 PM
Subject: Re: [Full-disclosure] Apache 1.3.29


Le jeu 11/03/2004 à 21:38, VeNoMouS a écrit :
any one know if theres a new exploit for apache 1.3.29 in the wild one
of my mates boxes was breached this morning by ir4dex appears they
gained axx via apache then got root via mmap()

Have you checked PHP and CGI stuff to see if there was a way to
compromise the host using them ? They are often a valuable to gain a
unpriviledged shell on web server.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault