Re: NCSA httpd 1.3 vulnerability still unsolved? (And where to go to solve it?)

• To: www-security@ns1.rutgers.edu
• Subject: Re: NCSA httpd 1.3 vulnerability still unsolved? (And where to go to solve it?)
• From: spowers@shire.ncsa.uiuc.edu (Scott Powers)
• Date: Sun, 9 Apr 1995 13:02:00 -0500 (CDT)

Paul Phillips wrote:
> 
> On Tue, 4 Apr 1995 robert@cogsci.ed.ac.uk wrote:
> 
> > In other words, if all the permissions on my system are set up right,
> > so that ``nobody'' cannot do any damage, should I be bothered?
> 
> Yes.  You might be amazed at the damage that nobody can cause.  For 
> example, nobody might set up a telnet server so the hacker can log into 
> the machine.

I have to argue with this...set up a telnet server? Well..okay..supposing
"nobody" was able to _get_ the _modified_ telnet server from another site
and get it running on the hacked site...nobody is still nobody. It has _no_
login. It has no home directory. This "nobody" would have to change the
passwd file to give an account to someone...something "nobody" just cannot
do.

> Then Mr. Nobody can glean all sorts of data about your 
> internal net, and almost certainly find some more serious holes on the 
> server machine or some others.  

You can find these things out without being a login process on the machine...

> Or, Mr. Nobody might set up the machine 
> as a warez distribtuion site.  

Now this I would like to see done. With no login process.

> The level of your vulnerability depends on the presence or absence of a 
> firewall and various other factors, but I promise holes like this are not 
> harmless.
> 

I agree whole-heartedly with this. There is a vulnerability. It does exist.
I think it is a good idea to educate people that it is there and the hole
should be plugged, but let's stay within the realm of possibilities as far
as what a hacker can and cannot do.

A hacker can, with this hole, grab your passwd file, mail it to an anon
address, run a password cracker on it, THEN get access to a login on your
machine at which point all of the above scenario's do come true. As long as
you realize that it all depends on what account the hacker cracks into.

> --
> Paul Phillips       EMAIL: psp@ucsd.edu       PHONE: (619) 220-0850 
> WWW: http://www.primus.com/staff/paulp/         FAX: (619) 220-0873
> 

Scott Powers

-- 
+---------------------------------------------------------------------------+
|"Sorry, not tonite honey....I have a modem." --Anonymous                   |
+---------------------------------------------------------------------------+
|spowers@shire.ncsa.uiuc.edu                                                |
|Scott W. Powers, Research Programmer at the Software Development Group,    |
|National Center for Supercomputing Applications                            |
+---------------------------------------------------------------------------+
|Cyber Doors: http://shire.ncsa.uiuc.edu/                                   |
+---------------------------------------------------------------------------+

• Re: NCSA httpd 1.3 vulnerability still unsolved? (And where to go to solve it?)
• From: Paul Phillips <psphilli@sdcc8.UCSD.EDU>

• Previous: Re: NCSA httpd 1.3 vulnerability still unsolved? (And where to go to solve it?)
• Next: Re: NCSA httpd 1.3 vulnerability still unsolved? (And where to go to solve it?)
• Index(es):
  • Index
  • Thread