Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Apache 1.3.29
From: "Jarrod SMith" <SirSlappy () cox-internet com>
Date: Thu, 11 Mar 2004 23:54:34 -0600

Totally sorry about that.  The "00" both of your names had me confused.
1000 apologies.



----- Original Message ----- 
From: "d4rkgr3y" <d4rk () securitylab ru>
To: <full-disclosure () lists netsys com>
Sent: Thursday, March 11, 2004 10:48 PM
Subject: Re: [Full-disclosure] Apache 1.3.29



They might have used an apache user discosure bug that allows you to
check
user names vs. passwords.. I think it's made by w00w00. It will check
the
user names and passes, if it finds one that works it will login via FTP
to
make sure.
It's made by me and you can find it on m00.void.ru/release.html


  ----- Original Message -----
  From: VeNoMouS
  To: full-disclosure () lists netsys com
  Sent: Thursday, March 11, 2004 2:38 PM
  Subject: [Full-disclosure] Apache 1.3.29


  any one know if theres a new exploit for apache 1.3.29 in the wild one
of
my mates boxes was breached this morning by ir4dex appears they gained
axx
via apache then got root via mmap()
I could hardly imagine that such exploit code is realy exist. I think that
your server was hacked via vulnerability in additional apache mods. Like
mod_ssl, mod_php, mod_gzip, mod_python, etc.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]