Full Disclosure mailing list archives
Re: Apache 1.3.29
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Fri, 12 Mar 2004 00:13:04 +0100
Le jeu 11/03/2004 à 21:38, VeNoMouS a écrit :
any one know if theres a new exploit for apache 1.3.29 in the wild one of my mates boxes was breached this morning by ir4dex appears they gained axx via apache then got root via mmap()
Have you checked PHP and CGI stuff to see if there was a way to compromise the host using them ? They are often a valuable to gain a unpriviledged shell on web server. -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Apache 1.3.29 VeNoMouS (Mar 11)
- Re: Apache 1.3.29 Jarrod SMith (Mar 11)
- Re: Apache 1.3.29 d4rkgr3y (Mar 11)
- Re: Apache 1.3.29 Jarrod SMith (Mar 11)
- Re: Apache 1.3.29 d4rkgr3y (Mar 11)
- Re: Apache 1.3.29 Cedric Blancher (Mar 11)
- Re: Apache 1.3.29 VeNoMouS (Mar 11)
- Re: Apache 1.3.29 worldi (Mar 12)
- Re: Apache 1.3.29 VeNoMouS (Mar 11)
- <Possible follow-ups>
- Re: Apache 1.3.29 bart2k (Mar 12)
- Re: Apache 1.3.29 Jarrod SMith (Mar 11)