hi ya kevin
On Tue, 29 Nov 2005, kevin bailey wrote:
> i have tried out lots of different things on this server and have made the
> mistake of leaving unnecessary services running.
everybody does that, one forgets to "undo the experiment environment"
and restore back to secure mode
> in this c
Rick Moen wrote:
>
> Unsafe data passed to eval(). Sheesh!
And awstats is so large, that it would require a lot of effort to do a
proper audit of it. Are there any automated tools for auditing perl code?
Or I wonder what would happen if you just switched on taint mode?
>
>>I would agree
Quoting Geoff Crompton ([EMAIL PROTECTED]):
> The most recent vulnerability that I was aware of in Awstats can still
> work even in static mode. http://www.securityfocus.com/bid/14525. The
> referrer in the log file is not sanity checked.
Hmm. I note: "It should be noted this vulnerability is o
> So, here's my favourite example of the "bad implementation" problem:
> AWstats. It's had a long history of:
>
> o Someone finds yet another way its stats-generating CGI can be subverted by
>sending it aberrant URL information from the public.
> o The upstream maintainer issues an update.
On Tuesday 29 November 2005 14.04, kevin bailey wrote:
> if backing up to another server get that server to pull backups out. on
> my new machines i was pushing out the backups from the primary server -
> this would mean a cracker would then have an easy way in to the backup
> machine because i wa
Quoting kevin bailey ([EMAIL PROTECTED]):
> what with it being several different symptoms i tend to think this is not a
> false positive.
Concur.
> cause:
>
> this is an old server which has been running for 4 years.
If such an old server is maintained and administered properly, and if
you do
thanks for the replies.
what with it being several different symptoms i tend to think this is not a
false positive.
cause:
this is an old server which has been running for 4 years.
i have tried out lots of different things on this server and have made the
mistake of leaving unnecessary services
On Tue, Nov 29, 2005 at 04:34:11AM +, kevin bailey wrote:
> hi,
>
> the following output looks like i've been rooted.
Yes, it doesn't look like a false positive:
> Checking `ls'... INFECTED
> Checking `netstat'... INFECTED
> Checking `ps'... INFECTED
> Checking `top'... INFECTED
Nasty.
> S