Bug in Apache 1.3.20 Server - Hackemate Research

[Hackemate.com.ar]

This bug (?) affects: Apache/1.3.20 Server

While, updating my site and checking out some things and
directories, I discovered something pretty interesting in the tmp
directory, there were three files, one with a "sem" extension and
the other two ones without anyone.

Files in Tmp directory:

· sess_0af4137ea55aa752a12971b3145d815b
· sess_b2e462409e859648ae96a2da84dc03ce
· session_mm.sem

Content of file "sess_0af4137ea55aa752a12971b3145d815b"

username|s:9:"matt";password|s:9:"secret";!status|lastlist|s:4:"acct";domain|s:16:"host";

as soon as i read it I realised it is nothing more and nothing less than
the server username and password to log in in PLAIN TEXT!
Obviously i changed it where "matt" is the real username and "SECRET" the password

Content of file "sess_b2e462409e859648ae96a2da84dc03ce"

username|s:9:"USERname";password|s:9:"password";!status|lastlist|s:4:"acct";domain|s:16:"host";

The last file "session_mm.sem" was empty

Research by WWW.HACKEMATE.COM <-- Contrasecurity Online

KerozenE 1999-2001 c0oL!
ICQ: 78480975
*********************************
Webmaster of www.hackemate.com.ar
hack...@softhome.net
*********************************
Moderator of the Security Mailing
http://www.eListas.net/lista/hackemate/alta
hackema...@Elistas.net
*********************************
Editor of the EZine HC&KTM
Http://www.hackemate.com.ar
hackema...@Elistas.net
*********************************

[Grant Kaufmann]

> This bug (?) affects: Apache/1.3.20 Server

This is a PHP issue and its not a bug.
This is the temporary session data for currently existing sessions. The files should be
owned by the www user and mode 600. If you don't like the data being stored there, feel
free to set the session_save_path variable in PHP >=4.0.0.

--
Grant