[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Apache 1.3.29

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Apache 1.3.29
From: "Jarrod SMith" <SirSlappy@xxxxxxxxxxxxxxxx>
Date: Thu, 11 Mar 2004 17:02:47 -0600

They might have used an apache user discosure bug that allows you to check user 
names vs. passwords.. I think it's made by w00w00. It will check the user names 
and passes, if it finds one that works it will login via FTP to make sure.  

  ----- Original Message ----- 
  From: VeNoMouS 
  To: full-disclosure@xxxxxxxxxxxxxxxx 
  Sent: Thursday, March 11, 2004 2:38 PM
  Subject: [Full-Disclosure] Apache 1.3.29

  any one know if theres a new exploit for apache 1.3.29 in the wild one of my 
mates boxes was breached this morning by ir4dex appears they gained axx via 
apache then got root via mmap()

Follow-Ups:
- Re: [Full-Disclosure] Apache 1.3.29
  - From: d4rkgr3y

References:
- [Full-Disclosure] Apache 1.3.29
  - From: VeNoMouS

Prev by Date: Re: [Full-Disclosure] Apache 1.3.29
Next by Date: Re: [Full-Disclosure] Hi! :-))
Previous by thread: Re: [Full-Disclosure] Apache 1.3.29
Next by thread: Re: [Full-Disclosure] Apache 1.3.29
Index(es):
- Date
- Thread