Re: Apache 1.3.XX
From: Russell Fulton (R.FULTON@auckland.ac.nz)
Date: 01/31/02
- Previous message: Russell Fulton: "[Unusual Network_scan[tcp-6267]]"
- In reply to: John: "Apache 1.3.XX"
From: Russell Fulton <R.FULTON@auckland.ac.nz>
To: John <johns@tampabay.rr.com>
Date: 01 Feb 2002 10:30:16 +1300

On Thu, 2002-01-31 at 15:22, John wrote:
> Hello list,
>
> I was wondering if anyone has heard about an Apache 1.3.XX bug starting to
> surface. Supposedly it creates a bind shell on TCP 2029 when this code
> executes the payload. The exploit has "7350apache - Apache 1.3.XX remote
> root exploit" in the binary (along with some other stuff that I don't want
> to say on the list). I don't have access to this binary and that's why I am
> curious as to if other people on this list have seen anything lately.
>
Hmmm.... we saw an attack two days ago against an Apache server which
consisted of GETs and POSTs followed by long strings of Xs followed by shell
code. They did not get in, so I don't have any other leavings from the attack.
Nor did Snort pick up the attack; it did detect various FTP exploits
launched against the box from the same address, and that was what drew my
attention to it.
--
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
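
A heuristic for the request shape described in the reply above (a GET or POST, a long run of one filler character, then non-text bytes), as an added example that is not part of the original message. The thresholds, the function name `inspect_request` and the sample requests are assumptions constructed for illustration.

```python
import re
from typing import Optional

# Assumed thresholds, not from the post; tune against your own traffic.
MIN_FILLER_RUN = 64    # one byte value repeated at least this many times
MIN_BINARY_BYTES = 8   # non-text bytes required after the filler run

METHOD_RE = re.compile(rb"^(GET|POST)\s")
FILLER_RE = re.compile(rb"(.)\1{%d,}" % (MIN_FILLER_RUN - 1), re.DOTALL)
TEXT_CTRL = (0x09, 0x0A, 0x0D)  # tab, LF, CR are normal in HTTP


def inspect_request(raw: bytes) -> Optional[dict]:
    """Return a finding for method + filler run + binary tail, else None."""
    method = METHOD_RE.match(raw)
    run = FILLER_RE.search(raw)
    if not method or not run:
        return None
    tail = raw[run.end():]
    binary = sum(1 for b in tail
                 if (b < 0x20 and b not in TEXT_CTRL) or b > 0x7E)
    if binary < MIN_BINARY_BYTES:
        return None
    return {
        "method": method.group(1).decode(),
        "filler": run.group(1),
        "run_len": len(run.group(0)),
        "binary_bytes": binary,
    }


# Constructed samples. The "binary" tail is inert placeholder bytes.
SAMPLES = {
    "filler+binary": b"GET /" + b"X" * 400 + bytes(range(0x80, 0x90))
                     + b" HTTP/1.0\r\n\r\n",
    "plain": b"GET /index.html HTTP/1.0\r\nHost: www.example.org\r\n\r\n",
    "padding only": b"POST /form HTTP/1.0\r\n\r\n" + b"X" * 100,
    "binary only": b"POST /up HTTP/1.0\r\n\r\n" + bytes(range(0x80, 0x90)),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} -> {inspect_request(raw)}")
```

Requiring both the filler run and the non-text tail keeps padded form bodies and ordinary binary uploads from matching on their own.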