Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client

From: Manuel Bouyer (bouyer@antioche.eu.org)
Date: 03/07/02


Date: Thu, 7 Mar 2002 20:46:29 +0100
From: Manuel Bouyer <bouyer@antioche.eu.org>
To: Sean Davis <dive@endersgame.net>

On Thu, Mar 07, 2002 at 12:07:31AM -0500, Sean Davis wrote:
> First, I want to thank everybody who has posted information on this - it's
> something that (for obvious reasons) we don't want on our machines.
>
> I have a question, however. Does this "virus" only affect Linux hosts?
> I personally do not run Linux, and have not for some time (all the security
> problems being just one of many reasons, but I don't want this to become an
> OS war)
>
> I run NetBSD. NetBSD has, as an option, Linux binary emulation.
> Now, while I don't think there is any way for this virus to infect any other
> files on your system (that you do not own) unless you are root, how exactly
> is this program getting root?
>
> Stop me if I'm wrong - but this thread was originally about apache exploits.
> Where is the vulnerability, apache, php, or what?

In this specific case, the exploit is in php (unless I misunderstood the
vulnerability it's about).

-- 
Manuel Bouyer <bouyer@antioche.eu.org>