Great Circle Associates Firewalls
(September 1996)
 


Subject: Re: New attack via HTTPD
From: marchany @ vtserf . cc . vt . edu
Date: Sun, 22 Sep 96 21:02:41 -0400
To: Andy Finkenstadt <kahuna @ supernet . net>
Cc: cert @ cert . org, bryan @ supernet . net (bryan s. blank), jarrell @ vt . edu, genie @ panix . com, firewalls @ greatcircle . com, srogers @ geis . geis . com, rross @ supernet . net (Robert H. Ross), doug @ supernet . net (Doug Ferrell), marchany @ vtserf . cc . vt . edu
In-reply-to: Your message of "Sun, 22 Sep 96 17:30:39 EDT." <199609222130 . RAA06922 @ supernet . net>

Oh my. This CGI-BIN exploit has been circulating on the net for a couple of 
months now. If that's how they got in, shame on the WWW masters. They should 
have seen that a long time ago. The exploit bug works on Apache or NCSA httpd 
servers and there have been patches out. There have been numerous warnings about 
this in Bugtraq and CERT.
 
Do a search on altavista.digital.com for 'cgi-bin exploits' or 'WWW exploits' or 
'WWW hacking' for sites that have this code ready. It's only about 20 lines long 
and is quite effective.

	-Randy Marchany
	VA Tech Computing Center
	Blacksburg, VA 24060

