Vulnerability Development mailing list archives

Re: Rumours about Apache 1.3.22 exploits -> analysis of so-called exploit client


From: Manuel Bouyer <bouyer () antioche eu org>
Date: Thu, 7 Mar 2002 20:46:29 +0100

On Thu, Mar 07, 2002 at 12:07:31AM -0500, Sean Davis wrote:
First, I want to thank everybody who has posted information on this - it's
something that (for obvious reasons) we don't want on our machines.

I have a question, however. Does this "virus" only affect Linux hosts?
I personally do not run Linux, and have not for some time (all the security
problems being just one of many reasons, but I don't want this to become an
OS war)

I run NetBSD. NetBSD has, as an option, Linux binary emulation.
Now, while I don't think there is any way for this virus to infect any other
files on your system (that you do not own) unless you are root, how exactly
is this program getting root?

Stop me if I'm wrong - but this thread was originally about apache exploits.
Where is the vulnerability, apache, php, or what?

In this specific case, the exploit is in php (unless I misunderstood the
vulnerability it's about).


-- 
Manuel Bouyer <bouyer () antioche eu org>
--

