]]
Sent: 13 September 2002 21:51
To: [EMAIL PROTECTED]
Subject: Re: bugtraq.c httpd apache ssl attack
Wouldn't it be easier to create a blank /tmp/.bugtraq.c file, chmod 000,
owned by root?
On Fri, 13 Sep 2002, The Little Prince wrote:
too easy to chmod 700 gcc to lock it to root?
obviously
Fernando Nunes wrote:
I am using RedHat 7.3 with Apache 1.3.23. Someone used the
program bugtraq.c to explore an modSSL buffer overflow to get access to
a shell. The attack creates a file named /tmp/.bugtraq.c and compiles it
using gcc. The program is started with another computer ip