Security Incidents mailing list archives
Interesting Logs
From: Max <max0r () digitalsamurai org>
Date: Wed, 13 Sep 2000 13:30:59 +0000
Sep 7 16:56:14 flux kernel: Security: return onto stack running as UID 99, EUID 99, proccess httpd:335 Sep 7 16:56:14 flux kernel: Security: more returns onto the stack, logging disabled, UID 99, EUID 99, process httpd:331 Sep 7 16:57:40 flux kernel: Security: return onto stack running as UID 99, EUID 99, process httpd:331 I found these entries (from Solar-Designers non-exec stack patch), in my logs today. The box in question is Slackware 7.1 (i386) with all available patches, and alot of security work put into it. I had heard rumors from several people about a heap overflow for Apache 1.3.9, this machine is running Apache 1.3.12+php(stable). I checked my apache logs for anything that might hint towards an attack, but nothing was there. Anyone else out there, experienced any apparently-sucessful attacks on apache 1.3.9 or up? -- Max Computer/Network Security Enthusiast --------------------------------
Current thread:
- Interesting Logs Max (Sep 14)
- Re: Interesting Logs H D Moore (Sep 14)