What was the full URI? Are you sure it wasn't some box infected with Code Red II or the like?

On a side note, how could this vulnerability yield a root shell when apache isn't/shouldn't be running as root?

-Blake

On 1 Feb 2002, Russell Fulton wrote:

> On Fri, 2002-02-01 at 10:30, Russell Fulton wrote:
> >
> > Hmmm.... we saw an attack two days ago against an apache server which
> > consisted of GETs and POST followed by long strings of Xs followed by shell
> > code.
>
> I have just got the logs from the admin and I find I lied, no shell code
> was logged by apache, just the long string of 'X's (about 8186 of them).
> So either there was no shell code or apache truncated the string when it
> logged it.
>
> Apologies for the confusion.
>
> --
> Russell Fulton, Computer and Network Security Officer
> The University of Auckland, New Zealand
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Feb 01 2002 - 13:04:40 PST