Network Security: Detailed info on Re: Systems compromised with ShellBOT perl script

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Re: Systems compromised with ShellBOT perl script - part 2

from [Dave] Network Security

[Permanent Link]

Subject:	Re: Systems compromised with ShellBOT perl script - part 2
Date:	Wed, 20 Oct 2004 09:30:43 -0700

This is from the httpd-2.0.46-40.ent change log, you'll note that most of these can be considered exploitable hacks, and each and every one of them applies to your current install of 32.ent

- mod_dav_fs: security fix for indirect lock refresh (CAN-2004-0809)
- mod_dav_fs: fix indirect lock handling on 64-bit platforms
- add security fixes for CAN-2004-0747, CAN-2004-0786
- mod_ssl: add security fix for CAN-2004-0751
- split security fix for CAN-2004-0748 out from -sslio patch
- merge ap_rgetline_core NUL-termination fixes from 2.0.5[01]
- have -devel require httpd of same V-R
- drop suexec minimum acceptable gid to 100 (#127667)
- mod_ssl: security fix for overflow in FakeBasicAuth (CVE CAN-2004-0488)


Those are just httpd, leaving out the kernel and php hack fixes.

If you dont have it set automatically, you need to have up2date download and update manually once per day. Judging by your current packages, you havent updated since March... This is not a good thing :(

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: DoS worm, (continued) Re: DoS worm, Nick FitzGerald Re: Systems compromised with ShellBOT perl script - part 2, Jeffrey Denton Re: Systems compromised with ShellBOT perl script - part 2, Martin Mačok Re: Systems compromised with ShellBOT perl script - part 2, Harry de Grote Re: Systems compromised with ShellBOT perl script - part 2, Stephen J. Smoogen RE: Systems compromised with ShellBOT perl script - part 2, KEM Hosting Re: Systems compromised with ShellBOT perl script - part 2, Thomas Hochstein Re: Systems compromised with ShellBOT perl script - part 2, Paul Schmehl RE: Systems compromised with ShellBOT perl script - part 2, KEM Hosting RE: Systems compromised with ShellBOT perl script - part 2, Poof Re: Systems compromised with ShellBOT perl script - part 2, Dave <= Re: Systems compromised with ShellBOT perl script - part 2, Chris Norton

Previous by Date:	RE: Systems compromised with ShellBOT perl script - part 2, Poof
Next by Date:	DoS worm, David Gillett
Previous by Thread:	RE: Systems compromised with ShellBOT perl script - part 2, Poof
Next by Thread:	Re: Systems compromised with ShellBOT perl script - part 2, Chris Norton
Indexes:	[Date] [Thread] [Top] [All Lists]