| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: liudieyu at umbrella.name (Liu Die Yu)
Subject: ***INTERLAND*** 's default vps PROBABLY has REMOTE COMPROMISE vulnerability
this message is only useful for INTERLAND users and spammers.
INTERLAND is the most popular web hosting corporation online - even
bigger than VERIO - according to 3rd-party survey. INTERLAND's default
vps PROBABLY has REMOTE COMPROMISE vulnerability. "PROBABLY" means i
just checked the version # of apache, but have not exploited it yet.
when i was planning to run my webapp on INTERLAND's web server, i found
the server is running apache.1.3.22 and php4.0.x. after checking
security record at httpd.apache.org AND php.net, i found both apache and
php contain serious vulnerabilities:
the most serious problem is critical: apache1.3.22 contains REMOTE
COMPROMISE vulnerability:
Apache Chunked encoding vulnerability CVE-2002-0392
i created support ticket in my account, and waited for about 36 hours,
but no one responded. then i closed the ticket. it looks like the
support staff don't care for remote compromise - or too busy to fix it.
so INTERLAND users must download and install apache themselves.
for demonstration purpose, the following INTERLAND websites are running
apache1.3.22
209.203.227.116, 209.203.227.115, 209.203.227.114
209.203.227.117 is an exception - it's my web server with apache1.3.32
and php5 :-))))
Regards,
Liu Die Yu
http://umbrella.name/people/liu.dieyu/
UMBRELLA.NAME
Powered by blists - more mailing lists