[25928] in bugtraq
Re: ISS Apache Advisory Response
daemon@ATHENA.MIT.EDU (Security Admin)
Mon Jun 24 19:44:17 2002
X-Envelope-To: bugtraq@securityfocus.com
X-Real-To: bugtraq@securityfocus.com
Date: Mon, 24 Jun 2002 15:03:14 +0200
From: Security Admin <security@cyberlink.ch>
To: "Klaus, Chris \(ISSAtlanta\)" <CKlaus@iss.net>
Cc: bugtraq@securityfocus.com
Message-ID: <20020624130314.GA8277@dns1.cyberlink.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <F3E7C024F0FD4E44BC78DB62CEBC16135682@atlmaiexcp02.iss.local>
On Thu, Jun 20, 2002 at 06:06:03PM -0400, Klaus, Chris (ISSAtlanta) wrote:
> 3) ISS was not aware of other researchers discovering this
> vulnerability nor aware of it in the wild at the time of the release of the
> advisory.
We've got reason to believe that this was already known to some
black hats by April the 19th. For linux on intel.
A Friend of mine had a machine compromised on April 19. The intruder
managed to get a shell as user www-data. He hadn't any leads on how
the break-in happened, except for a few thousand lines in the logfile
like this:
[Fri Apr 19 11:06:35 2002] [notice] child pid 25613 exit signal
Segmentation fault (11)
Incidentally, this corresponds to the effect the exploit from
gobbles shows.
Peter Keel
--
Operator in charge for Security Tel +41 1 287 2992
Cyberlink Internet Services AG Fax +41 1 287 2991
Richard Wagnerstrasse 6 admin@cyberlink.ch
CH-8002 Zuerich http://www.cyberlink.ch
