Bugtraq mailing list archives
Re: ISS Apache Advisory Response
From: Security Admin <security () cyberlink ch>
Date: Mon, 24 Jun 2002 15:03:14 +0200
On Thu, Jun 20, 2002 at 06:06:03PM -0400, Klaus, Chris (ISSAtlanta) wrote:
3) ISS was not aware of other researchers discovering this vulnerability nor aware of it in the wild at the time of the release of the advisory.
We've got reason to believe that this was already known to some black hats by April the 19th. For linux on intel. A Friend of mine had a machine compromised on April 19. The intruder managed to get a shell as user www-data. He hadn't any leads on how the break-in happened, except for a few thousand lines in the logfile like this: [Fri Apr 19 11:06:35 2002] [notice] child pid 25613 exit signal Segmentation fault (11) Incidentally, this corresponds to the effect the exploit from gobbles shows. Peter Keel -- Operator in charge for Security Tel +41 1 287 2992 Cyberlink Internet Services AG Fax +41 1 287 2991 Richard Wagnerstrasse 6 admin () cyberlink ch CH-8002 Zuerich http://www.cyberlink.ch
Current thread:
- ISS Apache Advisory Response Klaus, Chris (ISSAtlanta) (Jun 21)
- Re: ISS Apache Advisory Response Kee Hinckley (Jun 21)
- Re: ISS Apache Advisory Response Thomas Reinke (Jun 21)
- Re: ISS Apache Advisory Response Kevin Spett (Jun 21)
- Re: ISS Apache Advisory Response Kevin Spett (Jun 22)
- Re: ISS Apache Advisory Response Mike Eldridge (Jun 21)
- Re: ISS Apache Advisory Response Security Admin (Jun 24)
- <Possible follow-ups>
- Re: ISS Apache Advisory Response dminor (Jun 22)