Vulnerability Development mailing list archives

RE: Rumours about Apache 1.3.22 exploits

From: "Pedro Hugo" <fractalg () highspeedweb net>
Date: Tue, 26 Feb 2002 00:03:19 -0000

A nice bird told me zen-parse has coded an exploit for apache... Seems
all versions,including 1.3.23 are exploitable...
But it seems zen-parse didn't distributed the exploit or it's very
private... But someone else could already have another working one... If
one can do it, someone else can do it too...
Bind 9.2.x exploit is done for quite a while.... Not good news :)
I don't have yet details where the problems are :(

Only ones i've seen are trojans.

You heard anything different ?


At 12:12 a.m. 24/02/02 -0000, you wrote:

There are rumours about an exploit for apache 1.3.22 at least... Don't 
have yet details on it... Anyone else heard about it ?

Current thread:

Rumours about Apache 1.3.22 exploits Pedro Hugo (Feb 24)
- Re: Rumours about Apache 1.3.22 exploits nilton . gs . sc (Feb 25)
  - RE: Rumours about Apache 1.3.22 exploits Pedro Hugo (Feb 25)
    - RE: Rumours about Apache 1.3.22 exploits Nico Wieland (Feb 26)
- Re: Rumours about Apache 1.3.22 exploits H D Moore (Feb 25)
  - php update (was Re: Rumours about Apache 1.3.22 exploits) Christopher McCrory (Feb 27)
- Re: Rumours about Apache 1.3.22 exploits Brandon (Feb 25)
- <Possible follow-ups>
- RE: Rumours about Apache 1.3.22 exploits Pedro Hugo (Feb 25)
- Re: Rumours about Apache 1.3.22 exploits Mike Tone (Feb 26)
- RE: Rumours about Apache 1.3.22 exploits Spare Cycles (Feb 27)
- Re: Rumours about Apache 1.3.22 exploits Olaf Kirch (Feb 27)
  - Re: Rumours about Apache 1.3.22 exploits H D Moore (Feb 27)