Vulnerability Development mailing list archives

Apache exploit or stupid script kiddie?

From: "Matthew S. Hallacy" <poptix () techmonkeys org>
Date: Mon, 10 Sep 2001 19:05:10 -0600

howdy,

We had YASK (yet another script kiddie) join #linux on efnet tonight asking for a patch for the new
apache exploit, knowing of no recent exploit I convinced him to try it on my machine, he claimed
all he had was a binary compiled to only work on his machine (possible). He tried it and messaged
me this:

 [root@hisbox /]# ./apex x.x.x.x
 -= FtSoK 0wnz =-
 Checking daemon version...: Apache/1.3.19 (Unix)
 Attempting to compromise..: x.x.x.x
 Remote system is..........: Linux. (Red-Hat/Linux)
 Connected! ...but not vulnerable.


Where x.x.x.x is the address of my machine, I was packet logging (tcpdump) but came up with nothing
out of the ordinary, perhaps someone else knows more.


                                        Matthew S. Hallacy


-- 
--

Current thread:

Apache exploit or stupid script kiddie? Matthew S. Hallacy (Sep 10)
- Re: Apache exploit or stupid script kiddie? dove (Sep 11)
- Re: Apache exploit or stupid script kiddie? jove (Sep 11)
- Re: Apache exploit or stupid script kiddie? Matthew S. Hallacy (Sep 12)
- <Possible follow-ups>
- RE: Apache exploit or stupid script kiddie? auto241065 (Sep 11)