There was not another package installed. This was a new machine with
things done only thought apt-get.
--
Eddie Tejeda
On Mar 4, 2006, at 7:37 PM, Ben Hutchings wrote:
Eddie Tejeda <[EMAIL PROTECTED]> wrote:
Someone was able to install zbind on my machine using the
following scripts.
The damage was limited to www-data, a restricted user, and logs
were able
to monitor behaviour, but posed a large threat.
<snip>
I notice that the attacker tried a number of different URLs. Is it
possible that there was a second version of awstats installed, aside
from the packaged version, and that that was vulnerable to the
configdir
exploit?
Ben.
--
Ben Hutchings
Everything should be made as simple as possible, but not simpler.
- Albert
Einstein
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]