httpd-users mailing list archives

From Adam Goldstein <white...@whitewlf.net>
Subject Re: [users@httpd] Strange Error log msgs
Date Fri, 06 Feb 2004 17:19:27 GMT
This is a dedicated user system, and the site author says nothing uses 
'su', and everything is in PHP, no CGI.
Neither Apache nor PHP has suexec capability.

I did a grep for "su -a" and found nothing, and obviously grep'ing for 
just "su" would be a bit crazy.

The error has no time stamp, and no page reference.
Is there any known exploit or vulnerability in that version of Apache 
to allow an su command to occur from an outside request?


-- 
Adam Goldstein
White Wolf Networks
http://whitewlf.net


On Feb 5, 2004, at 4:38 AM, Jez Hancock wrote:

> On Wed, Feb 04, 2004 at 12:27:00PM -0500, Adam Goldstein wrote:
>> Has anyone ever seen this appear in an (Apache2.0.47) error_log?
>>
>> su: invalid option -- a
>> Try `su --help' for more information.
> Someone may be trying to execute the 'su' command from an HTML form and
> the error is being logged to the error_log.  I have a PHP script that
> displays man pages and if a user enters a page that doesn't exist the
> error is dumped to the error log file:
>
> No manual entry for <some non-existent manpage>
>
> There's an entry in my blog at http://jez.hancock-family.com/ about
> exploiting CGI scripts which might be of interest.
>
> -- 
> Jez Hancock
>  - System Administrator / PHP Developer
>
> http://munk.nu/
> http://jez.hancock-family.com/  - Another FreeBSD Diary
> http://ipfwstats.sf.net/        - ipfw peruser traffic logging
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
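
Added example, not part of either poster's message: one way to locate output like the `su` lines above is to scan the error_log for lines that lack Apache's own timestamp prefix and bracket them with the nearest stamped entries. The function name, the regular expressions and every sample log line other than the two `su` lines are assumptions made for this sketch, including the Apache 2.0-style `[date] [level]` prefix.

```python
import re

# Apache 2.0-style prefix: "[Wed Feb 04 12:26:58 2004] [error] ..."
STAMPED = re.compile(r"^\[(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\] \[\w+\] ")
# Usual stderr shape of a command-line tool: "prog: message"
TOOL_ERR = re.compile(r"^([A-Za-z0-9_.+-]+): .+")

def find_stray_output(lines):
    """Group un-timestamped lines into runs, each bracketed by the nearest
    timestamped entries before (not_before) and after (not_after) it."""
    findings, run, last_stamp = [], None, None
    for number, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue
        stamped = STAMPED.match(line)
        if stamped:
            if run:                      # a stamped entry closes the open run
                run["not_after"] = stamped.group(1)
                findings.append(run)
                run = None
            last_stamp = stamped.group(1)
            continue
        if run is None:
            run = {"first_line": number, "not_before": last_stamp,
                   "not_after": None, "text": [], "programs": set()}
        run["text"].append(line)
        tool = TOOL_ERR.match(line)
        if tool:
            run["programs"].add(tool.group(1))
    if run:                              # log ended inside a run
        findings.append(run)
    return findings

# Constructed sample: only the two "su" lines and the version come from the thread.
SAMPLE = """\
[Wed Feb 04 12:26:41 2004] [notice] Apache/2.0.47 (Unix) configured -- resuming normal operations
[Wed Feb 04 12:26:58 2004] [error] [client 192.0.2.10] File does not exist: /var/www/html/favicon.ico
su: invalid option -- a
Try `su --help' for more information.
[Wed Feb 04 12:27:03 2004] [error] [client 192.0.2.10] File does not exist: /var/www/html/robots.txt
""".splitlines()

if __name__ == "__main__":
    for f in find_stray_output(SAMPLE):
        print(f"line {f['first_line']}: between {f['not_before']} and "
              f"{f['not_after']}, programs={sorted(f['programs'])}")
        for text in f["text"]:
            print("    " + text)
```

The `not_before`/`not_after` window is approximate, but it narrows which access_log entries to review for the request that caused the command to run.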

