Full Disclosure mailing list archives
Re: Apache 1.3.29
From: "Jarrod SMith" <SirSlappy () cox-internet com>
Date: Thu, 11 Mar 2004 17:02:47 -0600
They might have used an apache user discosure bug that allows you to check user names vs. passwords.. I think it's made by w00w00. It will check the user names and passes, if it finds one that works it will login via FTP to make sure. ----- Original Message ----- From: VeNoMouS To: full-disclosure () lists netsys com Sent: Thursday, March 11, 2004 2:38 PM Subject: [Full-disclosure] Apache 1.3.29 any one know if theres a new exploit for apache 1.3.29 in the wild one of my mates boxes was breached this morning by ir4dex appears they gained axx via apache then got root via mmap()
Current thread:
- Apache 1.3.29 VeNoMouS (Mar 11)
- Re: Apache 1.3.29 Jarrod SMith (Mar 11)
- Re: Apache 1.3.29 d4rkgr3y (Mar 11)
- Re: Apache 1.3.29 Jarrod SMith (Mar 11)
- Re: Apache 1.3.29 d4rkgr3y (Mar 11)
- Re: Apache 1.3.29 Cedric Blancher (Mar 11)
- Re: Apache 1.3.29 VeNoMouS (Mar 11)
- Re: Apache 1.3.29 worldi (Mar 12)
- Re: Apache 1.3.29 VeNoMouS (Mar 11)
- <Possible follow-ups>
- Re: Apache 1.3.29 bart2k (Mar 12)
- Re: Apache 1.3.29 Jarrod SMith (Mar 11)