[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Apache 1.3.29

To: VeNoMouS <venom@xxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Apache 1.3.29
From: Cedric Blancher <blancher@xxxxxxxxxxxxxxxxxx>
Date: Fri, 12 Mar 2004 00:13:04 +0100

Le jeu 11/03/2004 à 21:38, VeNoMouS a écrit :
> any one know if theres a new exploit for apache 1.3.29 in the wild one
> of my mates boxes was breached this morning by ir4dex appears they
> gained axx via apache then got root via mmap()

Have you checked PHP and CGI stuff to see if there was a way to
compromise the host using them ? They are often a valuable to gain a
unpriviledged shell on web server.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Apache 1.3.29
  - From: VeNoMouS

References:
- [Full-Disclosure] Apache 1.3.29
  - From: VeNoMouS

Prev by Date: Re: [Full-Disclosure] Meth and hacking?
Next by Date: Re: [Full-Disclosure] Apache 1.3.29
Previous by thread: [Full-Disclosure] Apache 1.3.29
Next by thread: Re: [Full-Disclosure] Apache 1.3.29
Index(es):
- Date
- Thread