Possible Apache 2.0.47 / PHP 4.3.2 / Gentoo Exposure Problem

[chrisc]

Hi, I'm not a Gentoo user but was using netcat to view a server running Gentoo today. I connected to the server running the above configuration and type ``GET /'' (I know it's not standard compliant, but it works ;)). The server proceeded to kick out a LOT of noise. Inside this noise appears to be (I don't know the distro, hence ``possible...'') start-up scripts and details pertaining to dependencies (possibly the Gentoo port system?). Whatever it is it appears to be a Bourne Shell script. I have advised the admin of that system, and he hasn't got back to me yet, so I'm sorry if this is just a problem with his configuration. I also do not have another server running a similar configuration to find out if this problem is just Gentoo-based, or is a problem with one of the two packages stated (although it looks like PHP has tried to format the data, the top half of this data appears to be phpinfo();). I doubt it's exploitable, as the user has no way to use any of this data directly (although indirectly it may help)...but, if this data were edited, and the changes would want to be kept private this is a problem.

As I said, sorry if this is waste of time.