Re: Bug in Apache 1.3.20 Server - Hackemate Research

From: Jay Gruner (getmyfax@gmx.de)
Date: 09/22/01


Message-Id: <5.1.0.14.2.20010922170641.00aab828@pop.gmx.de>
Date: Sat, 22 Sep 2001 17:10:33 +0200
To: "Hackemate.com.ar" <hackemate@softhome.net>
From: Jay Gruner <getmyfax@gmx.de>
Subject: Re: Bug in Apache 1.3.20 Server - Hackemate Research


These sess_ files look to me like the session data PHP likes to save. It's
up to the user where it stores this data (default is a /tmp dir) and, what
is more important, it is up to the designer of that PHP script WHAT it
stores there. So if you choose to put your plain-text username and password
there, no wonder it shows up. I wouldn't call this a vulnerability per se...

Greets,
Jay.

At 00:58 22.09.2001 -0300, you wrote:
>This bug (?) affects: Apache/1.3.20 Server
>
> While updating my site and checking out some things and
>directories, I discovered something pretty interesting in the tmp
>directory: there were three files, one with a "sem" extension and
>the other two without any.
>
>Files in Tmp directory:
>
>· sess_0af4137ea55aa752a12971b3145d815b
>· sess_b2e462409e859648ae96a2da84dc03ce
>· session_mm.sem
>
>Content of file "sess_0af4137ea55aa752a12971b3145d815b"
>
>username|s:9:"matt";password|s:9:"secret";!status|lastlist|s:4:"acct";domain|s:16:"host";
>
>As soon as I read it I realised it is nothing more and nothing less than
>the server username and password to log in, in PLAIN TEXT!
>Obviously I changed it, where "matt" is the real username and "SECRET" the
>password.
>
>Content of file "sess_b2e462409e859648ae96a2da84dc03ce"
>
>username|s:9:"USERname";password|s:9:"password";!status|lastlist|s:4:"acct";domain|s:16:"host";
>
>The last file "session_mm.sem" was empty
>
>Research by WWW.HACKEMATE.COM <-- Contrasecurity Online
>
>
>KerozenE 1999-2001 c0oL!
>ICQ: 78480975
>*********************************
>Webmaster of www.hackemate.com.ar
>hackemate@softhome.net
>*********************************
>Moderator of the Security Mailing
>http://www.eListas.net/lista/hackemate/alta
>hackemate-alta@Elistas.net
>*********************************
>Editor of the EZine HC&KTM
>http://www.hackemate.com.ar
>hackemate-alta@Elistas.net
>*********************************
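
An added illustration of the point made in the reply (not code from either poster): a small Python audit that parses the `name|s:N:"value";` layout seen in the quoted files and reports session files that hold secret-looking keys or are accessible beyond their owner, without echoing the values. It handles string entries only, assumes ASCII content, and tolerates the mismatched lengths left by the poster's redaction; the key-name pattern, the function names and the default directory are assumptions.

```python
import glob, os, re, stat

SENSITIVE = re.compile(r"pass|pwd|secret|token", re.I)  # assumed key-name list

def parse_session(data):
    """Parse name|s:N:"value"; entries into (name, value, length_ok) tuples."""
    out, i = [], 0
    while i < len(data):
        bar = data.find("|", i)
        if bar < 0:
            break
        name, i = data[i:bar], bar + 1
        if name.startswith("!"):       # '!name|' entry: no value follows
            out.append((name[1:], None, True))
            continue
        m = re.match(r's:(\d+):"', data[i:])
        if not m:                      # only string values are handled here
            break
        start, n = i + m.end(), int(m.group(1))
        if data[start + n:start + n + 2] == '";':
            end, ok = start + n, True  # declared length is consistent
        else:                          # edited value: fall back to the next '";'
            end, ok = data.find('";', start), False
            if end < 0:
                break
        out.append((name, data[start:end], ok))
        i = end + 2
    return out

def audit(label, data, mode):
    """Report loose permissions and secret-looking keys, never the values."""
    findings = []
    if mode & 0o077:
        findings.append(f"{label}: mode {mode:o} grants access beyond the owner")
    for name, value, _ in parse_session(data):
        if value and SENSITIVE.search(name):
            findings.append(f"{label}: key '{name}' holds a {len(value)}-char value")
    return findings

def audit_dir(save_path="/tmp"):  # default path is an assumption
    results = []
    for p in glob.glob(os.path.join(save_path, "sess_*")):
        with open(p, errors="replace") as fh:
            results += audit(p, fh.read(), stat.S_IMODE(os.stat(p).st_mode))
    return results

# Content quoted in the post; the 0o644 mode below is a constructed value.
SAMPLE = 'username|s:9:"matt";password|s:9:"secret";!status|lastlist|s:4:"acct";domain|s:16:"host";'
if __name__ == "__main__":
    print("\n".join(audit("sess_sample", SAMPLE, 0o644)))
```

Point `audit_dir` at the directory the server actually uses for session storage; a `length_ok` of `False` in `parse_session` output marks an entry whose declared length does not match its content.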


