Re: [Full-Disclosure] ***INTERLAND*** 's default vps PROBABLY has REMOTE COMPROMISE vulnerability

[the lumpalaya <lumpy@xxxxxxxxxxxxx>]

Oh yeah, I forgot to include this link, in case it happens to be the
case.. not that I would know, I dont use Interland...

https://www.redhat.com/advice/speaks_backport.html


On Sun, 15 Aug 2004, Liu Die Yu wrote:

> this message is only useful for INTERLAND users and spammers.
>
> INTERLAND is the most popular web hosting corporation online - even
> bigger than VERIO - according to 3rd-party survey. INTERLAND's default
> vps PROBABLY has REMOTE COMPROMISE vulnerability. "PROBABLY" means i
> just checked the version # of apache, but have not exploited it yet.
>
> when i was planning to run my webapp on INTERLAND's web server, i found
> the server is running apache.1.3.22 and php4.0.x. after checking
> security record at httpd.apache.org AND php.net, i found both apache and
> php contain serious vulnerabilities:
>
> the most serious problem is critical: apache1.3.22 contains REMOTE
> COMPROMISE vulnerability:
>     Apache Chunked encoding vulnerability  CVE-2002-0392
>
> i created support ticket in my account, and waited for about 36 hours,
> but no one responded. then i closed the ticket. it looks like the
> support staff don't care for remote compromise - or too busy to fix it.
> so INTERLAND users must download and install apache themselves.
>
> for demonstration purpose, the following INTERLAND websites are running
> apache1.3.22
> 209.203.227.116,  209.203.227.115, 209.203.227.114
> 209.203.227.117 is an exception - it's my web server with apache1.3.32
> and php5 :-))))
>
> Regards,
>
> Liu Die Yu
> http://umbrella.name/people/liu.dieyu/
>
> UMBRELLA.NAME
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html