lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: lumpy at the.whole.net (the lumpalaya)
Subject: ***INTERLAND*** 's default vps PROBABLY has
 REMOTE COMPROMISE vulnerability

Oh yeah, I forgot to include this link, in case it happens to be the
case.. not that I would know, I dont use Interland...

https://www.redhat.com/advice/speaks_backport.html


On Sun, 15 Aug 2004, Liu Die Yu wrote:

> this message is only useful for INTERLAND users and spammers.
>
> INTERLAND is the most popular web hosting corporation online - even
> bigger than VERIO - according to 3rd-party survey. INTERLAND's default
> vps PROBABLY has REMOTE COMPROMISE vulnerability. "PROBABLY" means i
> just checked the version # of apache, but have not exploited it yet.
>
> when i was planning to run my webapp on INTERLAND's web server, i found
> the server is running apache.1.3.22 and php4.0.x. after checking
> security record at httpd.apache.org AND php.net, i found both apache and
> php contain serious vulnerabilities:
>
> the most serious problem is critical: apache1.3.22 contains REMOTE
> COMPROMISE vulnerability:
>     Apache Chunked encoding vulnerability  CVE-2002-0392
>
> i created support ticket in my account, and waited for about 36 hours,
> but no one responded. then i closed the ticket. it looks like the
> support staff don't care for remote compromise - or too busy to fix it.
> so INTERLAND users must download and install apache themselves.
>
> for demonstration purpose, the following INTERLAND websites are running
> apache1.3.22
> 209.203.227.116,  209.203.227.115, 209.203.227.114
> 209.203.227.117 is an exception - it's my web server with apache1.3.32
> and php5 :-))))
>
> Regards,
>
> Liu Die Yu
> http://umbrella.name/people/liu.dieyu/
>
> UMBRELLA.NAME
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ