Full Disclosure mailing list archives
Re: Apache 1.3.27 Remote Root 0-Day
From: xbud <xbud () g0thead com>
Date: Fri, 20 Jun 2003 12:16:33 -0500
umm useless attempt at humiliating people.
memcpy(&buffer[512 - strlen(shellcode)], shellcode,
strlen(shellcode));
buffer[512 + 1024] = ';';
buffer[512 + 1024 + 1] = '\0';
void(*b)()=(void*)shellcode;b(); <---- Executes shellcode.
hp = gethostbyname(argv[1]);
if (hp == NULL) {
printf("Server doesn't exist\n");
exit(1);
}
Michael - Learn to read code...
On Friday 20 June 2003 16:06, Andreas Gietl wrote:
Michael <mike-full () megaglobal net> wrote : i don't actually think apache could be root-exploited directly, since it has no suid-bit and does usually not run as root. This was why i did not react to it. Maybe the author wanted to report a new worm that first exploits apache and then does a local-root-exploit. But i don't believe a direct apache-root-exploit exists, unless apache is misconfigured or using suexec or kind of that.Maybe now we can STFU and concentrate on actual disclosure? I'm curious as to why there has been no discussion about this apache report. The poster of this message didnt include any info on the details of the problem nor an exploit, which leaves us wondering. (The insult was cute though) This could be some serious isht if indeed it is true. Can anyone confirm/dispute? -M -- . Michael Jastremski ............................................................. .. Network Engineer > Megaglobal Networks > Megaglobal.net ....................... ...... Photographer > Open Photo Project > Openphoto.net ........................ .......... Resident > West Philadelphia > Westphila.net ........................ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
-- ------------------------------ Orlando Padilla http://www.g0thead.com/xbud.asc "I only drink to make other people interesting" ------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Apache 1.3.27 Remote Root 0-Day koec (Jun 19)
- Re: Apache 1.3.27 Remote Root 0-Day Michael (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day KF (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day Joe Stewart (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day James Greenhalgh (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day William D. Colburn (aka Schlake) (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day nikoteen (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day Matt (Jun 20)
- <Possible follow-ups>
- Re: Apache 1.3.27 Remote Root 0-Day Andreas Gietl (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day xbud (Jun 20)
- Re: Apache 1.3.27 Remote Root 0-Day Michael (Jun 20)