Re: ISS Apache Advisory Response

From: Security Admin (securityat_private)
Date: Mon Jun 24 2002 - 06:03:14 PDT

Next message: securityat_private: "Security Update: [CSSA-2002-029.0] Linux: Apache Web Server Chunk Handling Vulnerability"

Previous message: Auriemma Luigi: "Re: Half-life fake players bug (update)"
In reply to: Klaus, Chris (ISSAtlanta): "ISS Apache Advisory Response"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 20, 2002 at 06:06:03PM -0400, Klaus, Chris (ISSAtlanta) wrote:
> 3)      ISS was not aware of other researchers discovering this
> vulnerability nor aware of it in the wild at the time of the release of the
> advisory.

We've got reason to believe that this was already known to some 
black hats by April the 19th. For linux on intel. 

A Friend of mine had a machine compromised on April 19. The intruder
managed to get a shell as user www-data. He hadn't any leads on how
the break-in happened, except for a few thousand lines in the logfile
like this:

[Fri Apr 19 11:06:35 2002] [notice] child pid 25613 exit signal
        Segmentation fault (11)

Incidentally, this corresponds to the effect the exploit from
gobbles shows. 

Peter Keel
-- 
Operator in charge for Security       Tel +41 1 287 2992
Cyberlink Internet Services AG        Fax +41 1 287 2991
Richard Wagnerstrasse 6               adminat_private
CH-8002 Zuerich                  http://www.cyberlink.ch

Next message: securityat_private: "Security Update: [CSSA-2002-029.0] Linux: Apache Web Server Chunk Handling Vulnerability"
Previous message: Auriemma Luigi: "Re: Half-life fake players bug (update)"
In reply to: Klaus, Chris (ISSAtlanta): "ISS Apache Advisory Response"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 16:47:17 PDT