Re: Apache 1.3.XX
From: Sten (sten@blinkenlights.nl)Date: 02/01/02
- Previous message: Russell Fulton: "Re: Apache 1.3.XX"
- Maybe in reply to: Russell Fulton: "Re: Apache 1.3.XX"
- Next in thread: Blake Frantz: "Re: Apache 1.3.XX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 1 Feb 2002 13:03:21 +0100 (CET) From: Sten <sten@blinkenlights.nl> To: Russell Fulton <R.FULTON@auckland.ac.nz>
On 1 Feb 2002, Russell Fulton wrote:
> On Thu, 2002-01-31 at 15:22, John wrote:
> > Hello list,
> >
> > I was wondering if anyone has heard about an Apache 1.3.XX bug starting to
> > surface. Supposedly it creates a bind shell on TCP 2029 when this code
> > executes the payload. The exploit has "7350apache - Apache 1.3.XX remote
> > root exploit" in the binary (along with some other stuff that I don't want
> > to say on the list). I don't have access to this binary and that's why I am
> > curious as to if other people on this list have seen anything lately.
> >
As far as I have seen the apache, ossh 2.9-3.0.2, bind9 seem
to be fakes, which the kiddos use too fool each other.
If there is one it's very private. And not realy circulating,
the signed issues solved in 1.3.23 dont seem te be remotely
exploitable afaik.
-- Sten Spans"What does one do with ones money, when there is no more empty rackspace ?"
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Previous message: Russell Fulton: "Re: Apache 1.3.XX"
- Maybe in reply to: Russell Fulton: "Re: Apache 1.3.XX"
- Next in thread: Blake Frantz: "Re: Apache 1.3.XX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
