Return-Path: 
 <users-return-3083-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 54971 invoked by uid 500); 26 Feb 2002 08:47:28 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 54960 invoked from network); 26 Feb 2002 08:47:28 -0000
Received: from smtp05.wxs.nl (195.121.6.57)
  by daedalus.apache.org with SMTP; 26 Feb 2002 08:47:28 -0000
Received: from salesint.com ([62.131.174.73]) by smtp05.wxs.nl
          (Netscape Messaging Server 4.15) with ESMTP id GS4TRD00.VC8 for
          <users@httpd.apache.org>; Tue, 26 Feb 2002 09:47:37 +0100
Received: from there ([192.168.0.38])
	by salesint.com (8.9.3/8.9.3/SuSE Linux 8.9.3-0.1) with SMTP id JAA09260
	for <users@httpd.apache.org>; Tue, 26 Feb 2002 09:53:06 +0100
Message-Id: <200202260853.JAA09260@salesint.com>
Content-Type: text/plain;
  charset="iso-8859-1"
From: "TD - Sales International Holland B.V." <td@salesint.com>
Organization: Sales International Holland B.V.
To: users@httpd.apache.org
Subject: Fwd: RE: Rumours about Apache 1.3.22 exploits
Date: Tue, 26 Feb 2002 09:37:16 +0100
X-Mailer: KMail [version 1.3.1]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

Does anyone know more about this?

regards

----------  Forwarded Message  ----------

Subject: RE: Rumours about Apache 1.3.22 exploits
Date: Mon, 25 Feb 2002 23:28:37 -0000
From: "Pedro Hugo" <fractalg@highspeedweb.net>
To: <vuln-dev@securityfocus.com>

Yeaps... That's one of the exploits I know... I don't have it yet but I
know some guys who tested it and didn't worked out...Since they executed
it as root (NO NO NO !!! :) ) I would maybe bet in a backdoor.
More interesting, is a bind exploit from w00w00 (w00bind-0.5.tar.gz)
that says it exploits a remote heap overflow in bind 9.x versions (and
maybe 8.x versions)...
The interesting thing about it is that it detects all 9.x and 8.x
versions as exploitable... And the code doesn't look to have anything to
exploit bind...
Ah...I have heard about another bind 9.x exploit, this one is said to be
working !

>According to rumors, this exploit is called 7350cowboy (maded by TESO

team) and exploit Apache 1.3.x versions.

>When executing exploit we see:
>7350apache - x86/linux/BSD/*nix apache = 1.3.x remote (root/nobody)

team teso (thx bnuts, tomas, synnergy.net !). Compiled >for Butcher
02/2/2002..pr0t!

>usage: ./7350cowboy [-h] [-v] [-a] [-D] [-m]
>                    [-t <num>] [-d host]
>                    [-L <retloc>] [-A <retaddr>]

-------------------------------------------------------

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org