Full Disclosure mailing list archives
***INTERLAND*** 's default vps PROBABLY has REMOTE COMPROMISE vulnerability
From: Liu Die Yu <liudieyu () umbrella name>
Date: Sun, 15 Aug 2004 17:54:39 +0800
this message is only useful for INTERLAND users and spammers.INTERLAND is the most popular web hosting corporation online - even bigger than VERIO - according to 3rd-party survey. INTERLAND's default vps PROBABLY has REMOTE COMPROMISE vulnerability. "PROBABLY" means i just checked the version # of apache, but have not exploited it yet.
when i was planning to run my webapp on INTERLAND's web server, i found the server is running apache.1.3.22 and php4.0.x. after checking security record at httpd.apache.org AND php.net, i found both apache and php contain serious vulnerabilities:
the most serious problem is critical: apache1.3.22 contains REMOTE COMPROMISE vulnerability:
Apache Chunked encoding vulnerability CVE-2002-0392i created support ticket in my account, and waited for about 36 hours, but no one responded. then i closed the ticket. it looks like the support staff don't care for remote compromise - or too busy to fix it. so INTERLAND users must download and install apache themselves.
for demonstration purpose, the following INTERLAND websites are running apache1.3.22
209.203.227.116, 209.203.227.115, 209.203.227.114209.203.227.117 is an exception - it's my web server with apache1.3.32 and php5 :-))))
Regards, Liu Die Yu http://umbrella.name/people/liu.dieyu/ UMBRELLA.NAME _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ***INTERLAND*** 's default vps PROBABLY has REMOTE COMPROMISE vulnerability Liu Die Yu (Aug 15)
- Re: ***INTERLAND*** 's default vps PROBABLY has REMOTE COMPROMISE vulnerability the lumpalaya (Aug 15)
- Re: ***INTERLAND*** 's default vps PROBABLY has REMOTE COMPROMISE vulnerability Liu Die Yu (Aug 15)
- Re: ***INTERLAND*** 's default vps PROBABLY has REMOTE COMPROMISE vulnerability Jan Muenther (Aug 15)
- Re: ***INTERLAND*** 's default vps PROBABLY has REMOTE COMPROMISE vulnerability Liu Die Yu (Aug 15)
- Re: ***INTERLAND*** 's default vps PROBABLY has REMOTE COMPROMISE vulnerability the lumpalaya (Aug 15)
- Re: ***INTERLAND*** 's default vps PROBABLY has REMOTE COMPROMISE vulnerability the lumpalaya (Aug 15)