httpd-dev mailing list archives

From: "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject: Local root exploits? [was: remote root exploit?]
Date: Fri, 16 Apr 2004 15:53:27 GMT

A general warning for all dev@httpd and users@httpd subscribers;

>>>>I run several sites using 1.3.29 and came across this page on the net:
>>>>
>>>>   http://secu.zzu.edu.cn/modules.php?name=News&file=article&sid=413

I want to make clear (after misdirecting the last mail intended to close
a security report) that there are several malicious "rootkits" being advertised 
to exploit Apache 1.3.29 or other system services that users should 
beware of (citation, among others, above.)

This "rootkit" roots the box *YOU* use it on, not the Apache server or other
system services.  Beware of using "rootkits" to perform vulnerability testing, 
unless you entirely trust the author of the utility.

Some of these "rootkits" look entirely innocent, until you note that there
is an extra pointer deref in the code that invokes the root hexcode locally,
even as it passes to a remote IP connection (with no ill effect or reaction
on the remote box whatsoever.)

Bill
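
The check described in the message above, as an added example that is not part of the original mail: a static triage pass over downloaded "exploit" C source that flags any hex-escaped byte buffer which is also cast to a function pointer, meaning it would run on the tester's own machine. The function names, the `MIN_ESCAPES` threshold and both sample sources are assumptions constructed for illustration; the sample bytes are filler, and casts through a typedef'd function-pointer type are not detected.

```python
import re

MIN_ESCAPES = 8  # assumption: fewer \xNN escapes than this is unlikely to be a payload

# char / unsigned char array or pointer initialised from one or more string literals
DECL = re.compile(
    r'\bchar\b\s*\*?\s*(\w+)\s*(?:\[\s*\d*\s*\])?\s*=\s*'
    r'((?:\s*"(?:[^"\\]|\\.)*")+)\s*;')
HEX_ESCAPE = re.compile(r'\\x[0-9a-fA-F]{2}')
# cast to an anonymous function-pointer type, e.g. (void (*)())NAME
CAST = r'\(\s*[\w\s\*]+\(\s*\*\s*\)\s*\([^()]*\)\s*\)\s*&?\s*%s\b'

# Constructed sample: claims to be remote, but also calls its own buffer locally.
SAMPLE_TROJANED = r'''
char payload[] = "\x90\x90\x90\x90\x90\x90\x90\x90";
int main(int argc, char **argv) {
    int s = connect_to(argv[1]);
    (*(void (*)())payload)();   /* extra deref: runs the buffer on this machine */
    send(s, payload, sizeof(payload), 0);
    return 0;
}
'''

# Constructed sample: the same buffer is only ever written to the socket.
SAMPLE_CLEAN = r'''
char payload[] = "\x90\x90\x90\x90\x90\x90\x90\x90";
int main(int argc, char **argv) {
    int s = connect_to(argv[1]);
    send(s, payload, sizeof(payload), 0);
    return 0;
}
'''


def hex_buffers(source):
    """Names of char buffers initialised with hex-escaped byte strings."""
    return [m.group(1) for m in DECL.finditer(source)
            if len(HEX_ESCAPE.findall(m.group(2))) >= MIN_ESCAPES]


def find_local_exec(source):
    """Return (line, buffer) for each place a hex buffer is cast to code."""
    hits = []
    for name in hex_buffers(source):
        for m in re.finditer(CAST % re.escape(name), source):
            hits.append((source.count("\n", 0, m.start()) + 1, name))
    return sorted(hits)
```

A hit is a reason to read the flagged line by hand before compiling anything; an empty result does not show the source is safe.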


