Re: Fwd: bugtraq.c httpd apache ssl attack

To: debian-security@lists.debian.org
Subject: Re: Fwd: bugtraq.c httpd apache ssl attack
From: Wichert Akkerman <wichert@wiggy.net>
Date: Sat, 14 Sep 2002 12:56:00 +0200
Message-id: <[🔎] 20020914105600.GU9150@wiggy.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20020913172528.GA12508@zionlth.org>
References: <[🔎] 20020913172528.GA12508@zionlth.org>

Previously Phillip Hofmeister wrote:
> I am using RedHat 7.3 with Apache 1.3.23. Someone used the 
> program "bugtraq.c" to explore an modSSL buffer overflow to get access to 
> a shell. The attack creates a file named "/tmp/.bugtraq.c" and compiles it 
> using gcc.

One wonders why you would have gcc installed on a webserver..

Wichert.

-- 
  _________________________________________________________________
 /wichert@wiggy.net         This space intentionally left occupied \
| wichert@deephackmode.org                    http://www.wiggy.net/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Reply to:

Follow-Ups:
- Re: Fwd: bugtraq.c httpd apache ssl attack
  - From: Tim Haynes <debian@stirfried.vegetable.org.uk>
- Re: [d-security] Re: Fwd: bugtraq.c httpd apache ssl attack
  - From: Christian Hammers <ch@debian.org>
- Re: Fwd: bugtraq.c httpd apache ssl attack
  - From: valerian <valerian@bellsouth.net>
- Re: Fwd: bugtraq.c httpd apache ssl attack
  - From: Phillip Hofmeister <plhofmei@zionlth.org>

References:
- Fwd: bugtraq.c httpd apache ssl attack
  - From: Phillip Hofmeister <plhofmei@zionlth.org>

Prev by Date: Re: rlx blade server attacked
Next by Date: Re: Fwd: bugtraq.c httpd apache ssl attack
Previous by thread: Re: Fwd: bugtraq.c httpd apache ssl attack
Next by thread: Re: Fwd: bugtraq.c httpd apache ssl attack
Index(es):
- Date
- Thread