Vulnerability Development mailing list archives
RE: Bug in Apache 1.3.20 Server - Hackemate Research
From: "Keith.Morgan" <Keith.Morgan () Terradon com>
Date: Mon, 24 Sep 2001 09:56:10 -0400
I have some questions in-line:
-----Original Message-----
From: Hackemate.com.ar [mailto:hackemate () softhome net]
Sent: Friday, September 21, 2001 11:58 PM
To: vuln-dev () securityfocus com; incidents () securityfocus com
Subject: Bug in Apache 1.3.20 Server - Hackemate Research

This bug (?) affects: Apache/1.3.20 Server

While updating my site and checking out some things and directories, I discovered something pretty interesting in the tmp directory: there were three files, one with a "sem" extension and the other two without any.

Files in Tmp directory:
· sess_0af4137ea55aa752a12971b3145d815b
· sess_b2e462409e859648ae96a2da84dc03ce
· session_mm.sem

Are these created by some application running on the box, or by the user logging in against .htaccess? I'm assuming this would be relative to the htpasswd database, and not /etc/passwd (shadow).

Content of file "sess_0af4137ea55aa752a12971b3145d815b"
username|s:9:"matt";password|s:9:"secret";!status|lastlist|s:4:"acct";domain|s:16:"host";

What are the modes on these files? 0600 nobody? 0644 would DEFINITELY be a problem.

As soon as I read it I realised it is nothing more and nothing less than the server username and password to log in in PLAIN TEXT! Obviously I changed it, where "matt" is the real username and "SECRET" the password.

Content of file "sess_b2e462409e859648ae96a2da84dc03ce"
username|s:9:"USERname";password|s:9:"password";!status|lastlist|s:4:"acct";domain|s:16:"host";

The last file "session_mm.sem" was empty.

Research by WWW.HACKEMATE.COM <-- Contrasecurity Online
KerozenE 1999-2001 c0oL!
ICQ: 78480975
*********************************
Webmaster of www.hackemate.com.ar
hackemate () softhome net
*********************************
Moderator of the Security Mailing
http://www.eListas.net/lista/hackemate/alta
hackemate-alta () Elistas net
*********************************
Editor of the EZine HC&KTM
Http://www.hackemate.com.ar
hackemate-alta () Elistas net
*********************************
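
Added example, not part of the original post or of any reply in the thread: a Python audit of a session directory that checks the two things raised above, namely the mode on each sess_* file and whether it holds credential-like keys in plain text. The function names, the sensitive-key list and the sample files are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Key names treated as credential-like (an assumption made for this example).
SENSITIVE_KEYS = {"password", "passwd", "pass", "secret"}

# Captures the name of each `name|s:<len>:"..."` string entry, the layout shown in the post.
ENTRY_RE = re.compile(r'(\w+)\|s:\d+:"')


def audit_session_dir(path):
    """Return (filename, octal_mode, readable_by_group_or_other, sensitive_keys)
    for every regular sess_* file directly under `path`."""
    findings = []
    for name in sorted(os.listdir(path)):
        if not name.startswith("sess_"):
            continue
        full = os.path.join(path, name)
        st = os.lstat(full)
        if not stat.S_ISREG(st.st_mode):
            continue  # ignore symlinks, sockets and other non-regular entries
        mode = stat.S_IMODE(st.st_mode)
        exposed = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
        with open(full, "r", errors="replace") as fh:
            keys = set(ENTRY_RE.findall(fh.read()))
        findings.append((name, oct(mode), exposed, sorted(keys & SENSITIVE_KEYS)))
    return findings


def demo():
    """Audit two constructed session files, one 0644 and one 0600."""
    sample = 'username|s:4:"matt";password|s:6:"secret";domain|s:4:"host";'
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("sess_constructed_a", 0o644),
                           ("sess_constructed_b", 0o600)):
            p = os.path.join(d, name)
            with open(p, "w") as fh:
                fh.write(sample)
            os.chmod(p, mode)  # set explicitly so the umask does not matter
        return audit_session_dir(d)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A file reported with both the exposed flag set and a non-empty key list is the 0644 case described in the reply: any local account can read the stored credentials.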