Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client

From: Sean Davis <dive () endersgame net>
Date: Thu, 7 Mar 2002 14:50:00 -0500
On Thu, Mar 07, 2002 at 08:46:29PM +0100, Manuel Bouyer wrote:

On Thu, Mar 07, 2002 at 12:07:31AM -0500, Sean Davis wrote:

First, I want to thank everybody who has posted information on this - it's
something that (for obvious reasons) we don't want on our machines.

I have a question, however. Does this "virus" only affect Linux hosts?
I personally do not run Linux, and have not for some time (all the security
problems being just one of many reasons, but I don't want this to become an
OS war)

I run NetBSD. NetBSD has, as an option. Linux binary emulation.
Now, while I don't think there is any way for this virus to infect any other
files on your system (that you do not own) unless you are root, how exactly
is this program getting root?

Stop me if I'm wrong - but this thread was originally about apache exploits.
Where is the vulnerability, apache, php, or what?


In this specific case, the exploit is in php (unless I misunderstood the
wulnerability it's about).



I think the vulnerability in question is in PHP. Is the version of PHP4 in
NetBSD pkgsrc fixed? I've disabled php in apache since I don't use it much
anyway, but I'd feel a lot better about re-enabling it if I knew it was no
longer an issue.

-- 
/~\ The ASCII                         Sean Davis
\ / Ribbon Campaign                    aka dive
 X  Against HTML
/ \ Email!               http://eros.endersgame.net:8000/~dive
Previous By Date Next
Previous By Thread Next

Current thread: