From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Description of problem:
I am using RedHat 7.3 with Apache 1.3.23. Someone used the program "bugtraq.c" to explore a modSSL buffer overflow to get access to a shell. The attack creates a file named "/tmp/.bugtraq.c" and compiles it using gcc. The program is started with another computer's IP address as argument. All computer files that the user "apache" can read are exposed.

The program attacks the following Linux distributions:
Red-Hat: Apache 1.3.6,1.3.9,1.3.12,1.3.19,1.3.20,1.3.22,1.3.23,1.3.26
SuSE: Apache 1.3.12,1.3.17,1.3.19,1.3.20,1.3.23
Mandrake: 1.3.14,1.3.19
Slackware: Apache 1.3.26

Regards
Fernando Nunes
Portugal

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
Execute the program /tmp/.bugtraq or a simplified version of it.

Actual Results:
The shell scripts included in the program are executed using the owner of the http process in the target machine.

Additional info:

This vulnerability is in OpenSSL and was fixed by our update; see http://rhn.redhat.com/errata/RHSA-2002-155.html and the replacement http://rhn.redhat.com/errata/RHSA-2002-160.html
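
Added example, not part of the original report or of the reply above: a small triage check for the artifacts the report names (the two files under /tmp, and the "apache" account running gcc or a binary from /tmp). The function names, the "USER PID ARGS" input format and the sample process listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the report): triage for the artifacts it names.
# Assumption: the web server account is "apache", as in the report.

# Print whichever of the two reported drop files exist under ROOT/tmp.
# With no argument it checks the live /tmp.
find_dropped_files() {
    root=${1:-}
    for f in "$root/tmp/.bugtraq.c" "$root/tmp/.bugtraq"; do
        if [ -e "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Filter "USER PID ARGS..." lines on stdin: keep processes of the given
# account that run a binary from /tmp or invoke the C compiler.
# Live use (procps): ps -eo user,pid,args | suspicious_procs apache
suspicious_procs() {
    awk -v u="${1:-apache}" \
        '$1 == u && ($3 ~ /^\/tmp\// || $3 ~ /(^|\/)(gcc|cc)$/)'
}

# Constructed process listing; PIDs, the gcc command line and the
# documentation-range IP address are made up for the demo.
sample_ps() {
    cat <<'EOF'
root 1 init
apache 2301 /usr/sbin/httpd
apache 2415 gcc -o /tmp/.bugtraq /tmp/.bugtraq.c
apache 2417 /tmp/.bugtraq 192.0.2.10
root 2500 /tmp/installer.sh
EOF
}

# Demo on constructed data only; nothing on the live system is touched.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/tmp"
: > "$demo_root/tmp/.bugtraq.c"
echo "dropped files:"
find_dropped_files "$demo_root"
echo "suspicious apache processes:"
sample_ps | suspicious_procs apache
rm -rf "$demo_root"
```

A hit from either check is a reason to treat the host as compromised and to confirm the OpenSSL errata referenced above are installed; a clean result does not show the host was never attacked.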