Security Incidents mailing list archives

Interesting Logs


From: Max <max0r () digitalsamurai org>
Date: Wed, 13 Sep 2000 13:30:59 +0000

Sep  7 16:56:14 flux kernel: Security: return onto stack running as
UID 99, EUID 99, proccess httpd:335
Sep  7 16:56:14 flux kernel: Security: more returns onto the stack,
logging disabled, UID 99, EUID 99, process httpd:331
Sep  7 16:57:40 flux kernel: Security: return onto stack running as
UID 99, EUID 99, process httpd:331

I found these entries (from Solar Designer's non-exec stack patch) in my
logs today. The box in question is Slackware 7.1 (i386) with all
available patches, and a lot of security work put into it.
I had heard rumors from several people about a heap overflow for
Apache 1.3.9; this machine is running Apache 1.3.12+php(stable).

I checked my Apache logs for anything that might hint towards an attack,
but nothing was there.

Has anyone else out there experienced any apparently successful attacks
on Apache 1.3.9 or up?


--
Max
Computer/Network Security Enthusiast
--------------------------------
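
One way to do the correlation described in the message, pairing each kernel alert with web-server requests logged around the same second (an added example, not part of the original post or of the patch). The access-log lines are constructed, and the code assumes Common Log Format and that both logs share one clock and time zone; `parse_alerts` and `requests_near` are names chosen here.

```python
import re
from datetime import datetime, timedelta

# Kernel lines as posted, with each mail-wrapped entry re-joined onto one line.
KERNEL_LOG = """\
Sep  7 16:56:14 flux kernel: Security: return onto stack running as UID 99, EUID 99, proccess httpd:335
Sep  7 16:56:14 flux kernel: Security: more returns onto the stack, logging disabled, UID 99, EUID 99, process httpd:331
Sep  7 16:57:40 flux kernel: Security: return onto stack running as UID 99, EUID 99, process httpd:331
"""
# Constructed access-log lines in Common Log Format (not from the post).
ACCESS_LOG = """\
192.0.2.10 - - [07/Sep/2000:16:40:02 +0000] "GET /index.html HTTP/1.0" 200 1043
192.0.2.77 - - [07/Sep/2000:16:56:12 +0000] "GET /info.php HTTP/1.0" 200 512
192.0.2.77 - - [07/Sep/2000:16:57:39 +0000] "POST /form.php HTTP/1.0" 200 87
"""
YEAR = 2000  # syslog timestamps carry no year, so it has to be supplied

ALERT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: Security: "
    r"(?P<kind>return onto stack|more returns onto the stack)"
    r".*?UID (?P<uid>\d+), EUID (?P<euid>\d+), proc+ess (?P<comm>[^:\s]+):(?P<pid>\d+)")
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\] ]+) [^\]]*\] "(?P<req>[^"]*)"')

def parse_alerts(text, year=YEAR):
    """Return one dict per non-exec stack alert found in syslog text."""
    out = []
    for m in filter(None, map(ALERT.match, text.splitlines())):
        d = m.groupdict()
        d["time"] = datetime.strptime(f"{year} {d.pop('ts')}", "%Y %b %d %H:%M:%S")
        # "more returns ... logging disabled": further events went unlogged
        d["suppressed"] = d.pop("kind").startswith("more")
        out.append(d)
    return out

def requests_near(alerts, access_text, window=5):
    """Pair each alert with requests logged within +/- window seconds of it."""
    reqs = []
    for m in filter(None, map(CLF.match, access_text.splitlines())):
        t = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S")
        reqs.append((t, m["ip"], m["req"]))
    span = timedelta(seconds=window)
    return [(a, [r for r in reqs if abs(r[0] - a["time"]) <= span]) for a in alerts]

if __name__ == "__main__":
    for alert, hits in requests_near(parse_alerts(KERNEL_LOG), ACCESS_LOG):
        print(alert["time"], alert["comm"], alert["pid"], alert["suppressed"], hits)
```

An empty match list does not clear an alert: Apache writes the access-log entry when a request completes, so a child that crashed mid-request leaves none, and the error log entries for the same PIDs are the next place to look.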

