Vulnerability Development mailing list archives
RE: Rumours about Apache 1.3.22 exploits
From: "Pedro Hugo" <fractalg () highspeedweb net>
Date: Mon, 25 Feb 2002 23:28:37 -0000
Yeaps... That's one of the exploits I know... I don't have it yet but I know some guys who tested it and didn't worked out...Since they executed it as root (NO NO NO !!! :) ) I would maybe bet in a backdoor. More interesting, is a bind exploit from w00w00 (w00bind-0.5.tar.gz) that says it exploits a remote heap overflow in bind 9.x versions (and maybe 8.x versions)... The interesting thing about it is that it detects all 9.x and 8.x versions as exploitable... And the code doesn't look to have anything to exploit bind... Ah...I have heard about another bind 9.x exploit, this one is said to be working !
According to rumors, this exploit is called 7350cowboy (maded by TESO
team) and exploit Apache 1.3.x versions.
When executing exploit we see: 7350apache - x86/linux/BSD/*nix apache = 1.3.x remote (root/nobody)
team teso (thx bnuts, tomas, synnergy.net !). Compiled >for Butcher 02/2/2002..pr0t!
usage: ./7350cowboy [-h] [-v] [-a] [-D] [-m] [-t <num>] [-d host] [-L <retloc>] [-A <retaddr>]
Current thread:
- Rumours about Apache 1.3.22 exploits Pedro Hugo (Feb 24)
- Re: Rumours about Apache 1.3.22 exploits nilton . gs . sc (Feb 25)
- RE: Rumours about Apache 1.3.22 exploits Pedro Hugo (Feb 25)
- RE: Rumours about Apache 1.3.22 exploits Nico Wieland (Feb 26)
- RE: Rumours about Apache 1.3.22 exploits Pedro Hugo (Feb 25)
- Re: Rumours about Apache 1.3.22 exploits H D Moore (Feb 25)
- php update (was Re: Rumours about Apache 1.3.22 exploits) Christopher McCrory (Feb 27)
- Re: Rumours about Apache 1.3.22 exploits Brandon (Feb 25)
- <Possible follow-ups>
- RE: Rumours about Apache 1.3.22 exploits Pedro Hugo (Feb 25)
- Re: Rumours about Apache 1.3.22 exploits Mike Tone (Feb 26)
- RE: Rumours about Apache 1.3.22 exploits Spare Cycles (Feb 27)
- Re: Rumours about Apache 1.3.22 exploits Olaf Kirch (Feb 27)
- Re: Rumours about Apache 1.3.22 exploits H D Moore (Feb 27)
- Re: Rumours about Apache 1.3.22 exploits nilton . gs . sc (Feb 25)