httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Fwd: Re: 1.3.29 remote root exploit? (fwd)
Date Fri, 16 Apr 2004 14:45:17 GMT
FYI issue closed.

At 08:11 AM 4/16/2004, felix k sheng wrote:
>William,
>
>Thanks so much for getting back to me. After sending that in, I had
>the great idea (ok... I'm slow... :) to turn the hex numbers into
>ascii and lo and behold it was just that perl script. I *thought*
>that that meant it presupposed the hackers ability to have arbitrary
>code already running (as opposed to the code giving him the ability
>to execute that arbitrary code) but still wasn't sure.
>
>Thanks again for letting me know the scoop on this. I can breathe
>easy again. 
>
>felix
>
>On Thu, Apr 15, 2004 at 08:14:21PM -0500, William A. Rowe, Jr. wrote:
>>
>>>Date: Thu, 15 Apr 2004 10:17:26 -0400
>>>From: felix k sheng <felix@deasil.com>
>>>To: security@apache.org
>>>Subject: 1.3.29 remote root exploit?
>>>
>>>Hello,
>>>
>>>I run several sites using 1.3.29 and came across this page on the net:
>>>
>>>   http://secu.zzu.edu.cn/modules.php?name=News&file=article&sid=413
>>>
>>>which claims to be a remote root exploit. Is this a real threat or is
>>>it bogus? Please let me know, thank you!
>>
>>Felix this is a very serious theat, to you personally if you use this rootkit.
>>However, it is of no significance at all to your Apache servers.  Simply do
>>not run this toolkit yourself and your machines are invulnerable :)
>>
>>quoting one resident guru;
>>
>>At 03:00 PM 4/15/2004, Mark J Cox wrote:
>>>> I looked briefly - and i do wonder if this isn't the root-yourself toolkit.
>>>
>>>It is; it connects you to a irc server and lets people on the channel run
>>>remote commands as you.  If this is getting passed around we should really
>>>warn about trojan horse exploit code on httpd.apache.org.
>>> 
>>>> >print $sock "USER lemmings +i lemmings :lemmingsv2 NICK lemmings ";
>>
>>
>>
>
>-- 
>felix sheng                                           ... felix@deasil.com



Mime
View raw message