Bugtraq mailing list archives

Re: ISS Apache Advisory Response


From: Security Admin <security () cyberlink ch>
Date: Mon, 24 Jun 2002 15:03:14 +0200

On Thu, Jun 20, 2002 at 06:06:03PM -0400, Klaus, Chris (ISSAtlanta) wrote:
> 3) ISS was not aware of other researchers discovering this
> vulnerability nor aware of it in the wild at the time of the release of the
> advisory.

We've got reason to believe that this was already known to some
black hats by April the 19th, for Linux on Intel.

A friend of mine had a machine compromised on April 19. The intruder
managed to get a shell as user www-data. He hadn't any leads on how
the break-in happened, except for a few thousand lines in the logfile
like this:

[Fri Apr 19 11:06:35 2002] [notice] child pid 25613 exit signal
        Segmentation fault (11)

Incidentally, this corresponds to the effect the exploit from
gobbles shows. 

Peter Keel
-- 
Operator in charge for Security       Tel +41 1 287 2992
Cyberlink Internet Services AG        Fax +41 1 287 2991
Richard Wagnerstrasse 6               admin () cyberlink ch
CH-8002 Zuerich                  http://www.cyberlink.ch
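
The log pattern described in the message above can be hunted for mechanically. The following is an added example, not part of the original post: it counts child-segfault entries per time window in an Apache error log and reports bursts. The window size, threshold, function names and sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache error_log entry for a child killed by SIGSEGV, as quoted in the mail.
# \s+ also accepts the entry when it has been wrapped onto a second line.
SEGV = re.compile(
    r"\[(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\] \[notice\]\s+"
    r"child pid (\d+) exit signal\s+Segmentation fault \(11\)"
)

def segfault_bursts(log_text, window_minutes=5, threshold=20):
    """Return [(window_start, count)] for windows holding >= threshold segfaults.

    window_minutes and threshold are assumed starting values; tune per site.
    """
    buckets = Counter()
    for m in SEGV.finditer(log_text):
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        # Floor the timestamp to the start of its window.
        start = ts - timedelta(minutes=ts.minute % window_minutes,
                               seconds=ts.second)
        buckets[start] += 1
    return sorted((s, n) for s, n in buckets.items() if n >= threshold)

def constructed_sample():
    """Constructed log: one isolated crash, one unrelated error, one burst."""
    lines = [
        "[Fri Apr 19 09:12:01 2002] [notice] child pid 4021 exit signal "
        "Segmentation fault (11)",
        "[Fri Apr 19 10:30:44 2002] [error] File does not exist: "
        "/var/www/favicon.ico",
    ]
    for i in range(30):
        # Wrapped across two lines, the way the entry appears in the mail.
        lines.append(
            "[Fri Apr 19 11:06:%02d 2002] [notice] child pid %d exit signal\n"
            "        Segmentation fault (11)" % (i, 25613 + i)
        )
    return "\n".join(lines)

if __name__ == "__main__":
    for start, count in segfault_bursts(constructed_sample()):
        print(f"{start:%Y-%m-%d %H:%M}  {count} child segfaults")
```

A burst is a lead for investigation rather than proof of compromise, since a faulty module can also crash children repeatedly.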

