Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client
From: Sean Davis (dive@endersgame.net)
Date: 03/07/02
- Previous message: Chris Eidem: "RE: IExplorer"
- Maybe in reply to: adamb: "Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client"
- Next in thread: Manuel Bouyer: "Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client"
- Reply: Manuel Bouyer: "Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client"
Date: Thu, 7 Mar 2002 14:50:00 -0500
From: Sean Davis <dive@endersgame.net>
To: Manuel Bouyer <bouyer@antioche.eu.org>
On Thu, Mar 07, 2002 at 08:46:29PM +0100, Manuel Bouyer wrote:
> On Thu, Mar 07, 2002 at 12:07:31AM -0500, Sean Davis wrote:
> > First, I want to thank everybody who has posted information on this - it's
> > something that (for obvious reasons) we don't want on our machines.
> >
> > I have a question, however. Does this "virus" only affect Linux hosts?
> > I personally do not run Linux, and have not for some time (all the security
> > problems being just one of many reasons, but I don't want this to become an
> > OS war)
> >
> > I run NetBSD. NetBSD has, as an option, Linux binary emulation.
> > Now, while I don't think there is any way for this virus to infect any other
> > files on your system (that you do not own) unless you are root, how exactly
> > is this program getting root?
> >
> > Stop me if I'm wrong - but this thread was originally about apache exploits.
> > Where is the vulnerability, apache, php, or what?
>
> In this specific case, the exploit is in php (unless I misunderstood the
> vulnerability it's about).
>
I think the vulnerability in question is in PHP. Is the version of PHP4 in
NetBSD pkgsrc fixed? I've disabled php in apache since I don't use it much
anyway, but I'd feel a lot better about re-enabling it if I knew it was no
longer an issue.
--
 /~\ The ASCII        Sean Davis
 \ / Ribbon Campaign  aka dive
  X  Against HTML
 / \ Email!           http://eros.endersgame.net:8000/~dive