Bugtraq mailing list archives
Re: bugtraq.c httpd apache ssl attack
From: Ben Laurie <ben () algroup co uk>
Date: Sat, 14 Sep 2002 10:59:53 +0100
Fernando Nunes wrote:
I am using RedHat 7.3 with Apache 1.3.23. Someone used the program "bugtraq.c" to explore an modSSL buffer overflow to get access to a shell. The attack creates a file named "/tmp/.bugtraq.c" and compiles it using gcc. The program is started with another computer ip address as argument. All computer files that the user "apache" can read are exposed.The program attacks the following Linux distributions: Red-Hat: Apache 1.3.6,1.3.9,1.3.12,1.3.19,1.3.20,1.3.22,1.3.23,1.3.26 SuSe: Apache 1.3.12,1.3.17,1.3.19,1.3.20,1.3.23 Mandrake: 1.3.14,1.3.19 Slakware: Apache 1.3.26
Note that if you are using Apache 1.3.23 you are probably also vulnerable to the chunked overflow bug.
If people would stay up to date with security patches, this stuff wouldn't happen.
Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Current thread:
- Re: bugtraq.c httpd apache ssl attack Fernando Nunes (Sep 16)
- <Possible follow-ups>
- RE: bugtraq.c httpd apache ssl attack Sandu Mihai Eduard (Sep 17)
- Re: bugtraq.c httpd apache ssl attack Ben Laurie (Sep 17)
- Re: bugtraq.c httpd apache ssl attack Ben Kittridge (Sep 18)