>Number:         4172
>Category:       general
>Synopsis:       security violation
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Mar 30 14:20:00 PST 1999
>Last-Modified:
>Originator:     [EMAIL PROTECTED]
>Organization:
apache
>Release:        1.3.4
>Environment:
Linux sphix.sphix.com 2.0.35 #25 Sat Nov 7 18:33:32 CST 1998 i586
>Description:
There might be a possibility of an exploit on the Apache server. As I checked, one of my client's websites, www.warforge.com, was hacked, and after checking the analyst I found user www was logged in. As user www is the Apache uid/gid itself, it came to me that there might be a possibility of an exploit or hack. Also, after scanning other victims of the same hack group, all those servers are running Apache:

www.webfringe.com is running Apache/1.2.6 on Solaris
www.hackcity.com is running Apache/1.2.6 512 on FreeBSD
www.warforge.com is running Apache/1.3.4 (Unix) PHP/3.0.6 on Linux
www.hackedworld.com is running Apache/1.2.4 FrontPage/3.0.3 on BSD/OS
>How-To-Repeat:
Not sure, though; it's their exploit after all.
>Fix:
Finding the string for it now; will get back to you immediately after the string is found.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done ]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ignored ]
[unless you are responding to an explicit request ]
[from a developer. ]
[Reply only with text; DO NOT SEND ATTACHMENTS! ]