Posted to dev@httpd.apache.org by Chuck Murcko <ch...@telebase.com> on 1996/02/08 21:47:45 UTC

Re: WWW Form Bug Report: "Security hole in Apache 1.0" on Linux

Aram W. Mirzadeh liltingly intones:
> 
> What other information do you have on this?  Especially your cgi-bin
> permissions, as well as your ht-docs permissions. 
> 
> >Symptoms:
> >--
> >We have been having security compromises on our servers running apache 1.0.
> >It appears that the only sign of an attempted attack is massive garbage in
> >the access logs.  It appears that a client sends hundreds of requests that
> >are not URLs, but rather very large and very small integers, usually 
> >ending in "127."  (ie-  we see "-23428129470105127" as a requested document
> >in our access logs.  we also sometimes see "127" "-7" and the like.)
> >

This was before some massive fixed-length string fixes and other tightening
up of the code. He should definitely upgrade. We still get tickles here
with "..." in 'em.

chuck
Chuck Murcko	Telebase Systems, Inc.	Wayne PA	chuck@telebase.com
And now, on a lighter note:
Mother is the invention of necessity.
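
Added example, not part of the original message or of Apache's code: a log check for the symptom reported above, flagging requests whose requested document is a bare signed integer or contains "...". It assumes Common Log Format access logs; the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" \S+ \S+$')
INTEGER = re.compile(r'^-?\d+$')

# Constructed sample log (hosts, times and status codes are made up; the
# requested documents "-23428129470105127", "127" and "-7" are from the report).
SAMPLE = [
    '192.0.2.10 - - [08/Feb/1996:21:40:01 -0500] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [08/Feb/1996:21:40:02 -0500] "-23428129470105127" 400 -',
    '192.0.2.77 - - [08/Feb/1996:21:40:02 -0500] "GET 127 HTTP/1.0" 400 -',
    '192.0.2.77 - - [08/Feb/1996:21:40:03 -0500] "-7" 400 -',
    '192.0.2.88 - - [08/Feb/1996:21:41:10 -0500] "GET /cgi-bin/.../x HTTP/1.0" 404 -',
]

def requested_document(request):
    """Document part of a logged request: 'METHOD doc PROTO' or a bare token."""
    parts = request.split()
    if not parts:
        return ""
    return parts[0] if len(parts) == 1 else parts[1]

def classify(doc):
    """Name the anomaly seen in a requested document, or return None."""
    if INTEGER.match(doc):
        return "integer"      # not a URL, just a signed integer
    if "..." in doc:
        return "dots"         # the "..." requests mentioned in the reply
    return None

def scan(lines):
    """Return ([(line_no, host, kind), ...], Counter of flagged hits per host)."""
    hits, per_host = [], Counter()
    for n, line in enumerate(lines, 1):
        m = CLF.match(line.strip())
        if not m:
            hits.append((n, None, "unparsed"))  # keep malformed lines visible
            continue
        host, request = m.groups()
        kind = classify(requested_document(request))
        if kind:
            hits.append((n, host, kind))
            per_host[host] += 1
    return hits, per_host

if __name__ == "__main__":
    hits, per_host = scan(SAMPLE)
    for hit in hits:
        print(hit)
    print(per_host.most_common())
```

A hit is only a lead for review; the per-host count is what separates the "hundreds of requests" pattern in the report from a single stray request.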