Bugtraq mailing list archives
RE: bugtraq.c httpd apache ssl attack
From: "Sandu Mihai Eduard" <mihai.sandu () kpnqwest ro>
Date: Mon, 16 Sep 2002 19:13:02 +0300
The worm is an AGENT, because it accepts commands throughout the global P2P network created ad-hoc between its instances. One of such commands is 'execute local command on target' (see source, command code: 0x24) and this thing can be used to terminate the worm instantly, by injecting the command 'killall .bugtraq' in the P2P network. The worm's instances will self destruct in this way. I am puzzled that anyone did not thought of that... All my best, Sandu Mihai - KPNQwest Romania Network Engineer -----Original Message----- From: adamkuj () gatordog com [mailto:adamkuj () gatordog com] Sent: 13 September 2002 21:51 To: bugtraq () securityfocus com Subject: Re: bugtraq.c httpd apache ssl attack Wouldn't it be easier to create a blank /tmp/.bugtraq.c file, chmod 000, owned by root? On Fri, 13 Sep 2002, The Little Prince wrote:
too easy to chmod 700 gcc to lock it to root? obviously not as a TOTAL fix -Tony
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network
Administrator/Engineer
thelittleprince () asteroid-b612 org
http://www.asteroid-b612.org
"Every day should be a good day to die" -DJM
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
On 13 Sep 2002, Fernando Nunes wrote:I am using RedHat 7.3 with Apache 1.3.23. Someone used the program "bugtraq.c" to explore an modSSL buffer overflow to get access
to
a shell. The attack creates a file named "/tmp/.bugtraq.c" and compiles
it
using gcc. The program is started with another computer ip address as argument. All computer files that the user "apache" can read are
exposed.
The program attacks the following Linux distributions: Red-Hat: Apache 1.3.6,1.3.9,1.3.12,1.3.19,1.3.20,1.3.22,1.3.23,1.3.26 SuSe: Apache 1.3.12,1.3.17,1.3.19,1.3.20,1.3.23 Mandrake: 1.3.14,1.3.19 Slakware: Apache 1.3.26 Regards Fernando Nunes Portugal--
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Anthony J. Biacco Network
Administrator/Engineer
thelittleprince () asteroid-b612 org
http://www.asteroid-b612.org
"Every day should be a good day to die" -DJM
.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-._.-.
Current thread:
- Re: bugtraq.c httpd apache ssl attack Fernando Nunes (Sep 16)
- <Possible follow-ups>
- RE: bugtraq.c httpd apache ssl attack Sandu Mihai Eduard (Sep 17)
- Re: bugtraq.c httpd apache ssl attack Ben Laurie (Sep 17)
- Re: bugtraq.c httpd apache ssl attack Ben Kittridge (Sep 18)