Am Mittwoch, 6. Februar 2002 11:42 schrieb Muhic Mirza:
Does anybody hear about new sploit for apache al versions < 1.3.22 ?????? there are some bugs in mod_php and by the apache attacker getting root shell on your machine ?? it not just story it s reality cause i have seen these hacked server s last days with that sploit ..
Can you say a bit or two about the configuration of mod_php on these machines? Were safe_mode enabled? If not it may be a exploit for another local vulnerability, because php allows you to execute any program on the webserver if not configured properly. Were ftp-connections logged before the break-in? I disbelieve that there is a remote root-exploit in php, but I believe that one can misconfigure php to allow local exploits.
One thing is sure : nothing is not sure in fact .
I agree with that. Peter