[LINK] Re: [Oz-ISP] [defaced] www.rsa.com by Coolio (fwd)
Grant Bayley
gbayley@ausmac.net
Mon, 14 Feb 2000 01:37:11 +1100 (EST)
On Mon, 14 Feb 2000, Adam Todd wrote:
> >If this was a stock RedHat-packaged Apache 1.3.6, how was it broken into?
>
> It's not so much the Apache, although 1.3.6 has a few holes in it that are
> well documented. That's why I rushed to 1.3.9 because I had someone upload
> bd.cgi to a server I manage.
Third party CGI
>
> Red Hat is dangerously vunerable. In short, I can send packets that are
> processed by the kernel long before the filtering, firewall and router kick
> in. I can, by issuing the right sequence of events (several combinations)
> obtain a telnet shell with root access as the response.
Without further proof, this is bullshit and we both know it. Until I see
a posting from Adam Adam Todd on Vuln-Dev or Bugtraq describing these
remotely root exploitable holes in what I presume you're alleging is
ipchains or the kernel that's available in a patched-to-current RedHat
install of say 6.1 (in which case can might presume there's a bug you've
found in the tcp stack) or some other network-related component typically
used by RedHat customers, this is one of those put-up-or-shut-up
situations.
I was kinda looking for something a little more meaty than "issuing the
right sequence of events" in your response, basically. There's enough
tech knowledge on the couple of lists that these postings have gone to for
people to understand it. The information certainly won't go to waste.
> >PS: If it's third party CGI, that doesn't count.
>
> Bah - CGI's can be cracked any time :)
If you're making a refernce to RedHat, don't include those RedHat machines
running third party CGI in your "RedHat is dangerously vulnerable" stats,
if only because with a similar web server environment (chrooted, however
you want it), everything is similarly as vulnerable as RedHat (within
allowable tolerances).
Don't take this as a personal attack - I just think your claims are a
little too outlandish to be reliably believed in this case without further
detailed, descriptive proof.
Grant