
List:       bugtraq
Subject:    Re: Write-only devices (Was read only devices)
From:       Eugene Bradley <ebradley () andromeda ! rutgers ! edu>
Date:       1996-06-28 17:56:21

on Jun 28, Jeff Uphoff <juphoff@tarsier.cv.nrao.edu> writes:
# "VK" == Valdis Kletnieks <Valdis.Kletnieks@vt.edu> writes:
#
# VK> Actually, they *do* use old-well-known techniques.  I'm willing to bet
# VK> a large pizza with everything on it that most successful attacks are
# VK> based on crack, network sniffers, and old well-known security holes
# VK> like sendmail exploits.  Remember that the number of truly innovative
# VK> crackers is very limited - 99% of them are lame adolescent-minded
# VK> wannabes that just have toolkits of scripts and things to try....
#
# Just got a telephone call about an hour ago reporting some break-ins
# last night at another domain where the crackers exploited the WWW
# cgi-bin 'phf' vulnerability mentioned in March's CA-96.06.

Even more fun:  I got mail from the system admin of my homepage account
a few days ago stating that he had to delete the entire cgi-bin directory
because someone had used that same "phf" cgi-bin vulnerability to open up a
remote xterm session (as webmaster no less) to the site.  Turns out that:

a) the site where the attack originated was a dial-up PPP account from
   aimway.net (naturally reported to the admin of aimway.net)
b) The bad cgi-bin scripts were from NCSA httpd 1.1!  (the homepage
   account currently runs the Spinner web server @ v1.0b12)

Moral of this scenario:

When you upgrade your web server, make sure that you delete ALL
files -- especially cgi-bin related files -- from the old web server's
root directory.  (Naturally make sure you back up your site's html
files and graphics in your web server's respective main directories
for such files, with proper permissions et al. preserved.)




--
        Eugene Bradley | Student Consultant -- Rutgers-Newark CS-NET
   (also webmaster @ integration.winter.org -- finger for pgp public key)
   "What we have here is...failure to communicate." ---CHL on Rutgers U.
   <a href="http://www.armory.com/~ebradley"> Eugene's W^3 Duckpond </a>
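
The cleanup advice in the message above, as an added example that is not part of the original post: a shell function that lists files left in any cgi-bin directory from before a server upgrade. The web root path, the directory name `cgi-bin`, and the reference file whose mtime marks the upgrade are assumptions; `phf` is the only script name taken from the message.

```shell
#!/bin/sh
# Added example: list CGI files left over from an earlier web server install.
# Assumptions (not from the original post): the web root layout, the
# directory name "cgi-bin", and a reference file whose modification time
# marks when the new server was installed.

# stale_cgi ROOT REF
# Prints one line per suspect file as "<reason> <path>", sorted:
#   known-bad    the file is named phf (the script named in the post)
#   pre-upgrade  the file was last modified no later than REF
stale_cgi() {
    root=$1
    ref=$2
    if [ ! -d "$root" ] || [ ! -e "$ref" ]; then
        echo "usage: stale_cgi ROOT REF" >&2
        return 2
    fi
    # -prune stops find from descending into a cgi-bin it has already
    # reported, so nested cgi-bin directories are not listed twice.
    find "$root" -type d -name cgi-bin -prune -print |
    while IFS= read -r dir; do
        # Flag phf by name regardless of its timestamp.
        find "$dir" -type f -name phf -print | sed 's/^/known-bad /'
        # Flag everything else that predates the upgrade marker.
        find "$dir" -type f ! -name phf ! -newer "$ref" -print |
            sed 's/^/pre-upgrade /'
    done | sort
}

# Example call (paths are placeholders):
#   stale_cgi /usr/local/www /usr/local/www/.upgrade-stamp
```

Review each listed file before deleting it; anything the current site still needs should be reinstalled from a known-good copy rather than kept from the old tree.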
