I am using RedHat 7.3 with Apache 1.3.23. Someone used the program "bugtraq.c" to explore an modSSL buffer overflow to get access to a shell. The attack creates a file named "/tmp/.bugtraq.c" and compiles it using gcc. The program is started with another computer ip address as argument. All computer files that the user "apache" can read are exposed. The program attacks the following Linux distributions: Red-Hat: Apache 1.3.6,1.3.9,1.3.12,1.3.19,1.3.20,1.3.22,1.3.23,1.3.26 SuSe: Apache 1.3.12,1.3.17,1.3.19,1.3.20,1.3.23 Mandrake: 1.3.14,1.3.19 Slakware: Apache 1.3.26 Regards Fernando Nunes Portugal
