To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Below is what I have (verbatim from Sunnet) as of 2 a.m. Sunday...
Larry
" 1.1 AWStats - Remote Hacker Automatic Control
-- Products Affected --
AWStats 6.x
-- Technical Description --
If the 'AllowToUpdateStatsFromBrowser' setting is enabled,
unsanitised data from the browser is passed to the 'migrate'
parameter. This allows for arbitrary shell command execution.
-- Description --
The troubled AWStats web browser statistics software has had
a new vulnerability disclosed which can allow a remote attacker to take
control of a vulnerable server. Because it relies on a setting which is
not enabled by default, the threat matrix is set lower. Previous
vulnerabilities with this software have been actively exploited and it
is considered likely that this vulnerability will soon be exploited in a
similar manner.
-- Recommended Action --
Update to version 6.6 as soon as possible.
-- Source --
OS Reviews
-- Threat Matrix --
U O
Home 7 7 (High)
Business 7 7 (High)
=======================================
/*
Threat Matrix:
U - User
O - Operator
Harmless - 0 ----- 10 - Highly Critical */
======================================= "
-----Original Message-----
From: bf [mailto:[EMAIL PROTECTED]
Sent: Monday, May 08, 2006 3:43 PM
To: Kettlewell, Larry [KO]
Cc: [EMAIL PROTECTED]; [email protected]
Subject: Re: [botnets] Honeypot rendering
Hi Larry,
The previous answers have it right.
Additionally, remote awstats exploits have been very popular for some
time now, xmlrpc is another one (the worm lupper.b comes to mind).
Does the sunnet alert address an old or new issue?
thanks,
bf
On 5/7/06, Kettlewell, Larry [KO] <[EMAIL PROTECTED]>
wrote:
> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> ----------
> Many thanks guys-- sunnet alert just sent down re Awstats. I'll
compare
> and let you know. Looks like we were an early "recipient".
>
> Larry Kettlewell
> Chief Information Security Officer
> Kansas State Government
> [EMAIL PROTECTED]
> 785-296-8434
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Sunday, May 07, 2006 8:35 AM
> To: [email protected]
> Subject: Re: [botnets] Honeypot rendering
>
> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> ----------
> Quoting "Kettlewell, Larry [KO]" <[EMAIL PROTECTED]>:
>
> > ---><html><head><title>Error 404</title><meta name="robots"
> >
> > --->content="noindex"><META HTTP-EQUIV="Content-Type"
> >
> > --->CONTENT="text/html; charset=iso-8859-1"></head><body><h2>HTTP
> Error
> >
> > --->404</h2><p><strong>404 Not found</strong></p></body></html>
>
> It is a recon-bot looking for awstats victims, exactl;y as rlvaughn
> stated. However the '<meta name="robots" content="noindex">' stuff
> has nothing to do with it. That part was sent from your server to the
> recon bot in the 404 header. brack
>
> -------------------------------------------------
> Email solutions, MS Exchange alternatives and extrication,
> security services, systems integration.
> Contact: [EMAIL PROTECTED]
>
>
> _______________________________________________
> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> All list and server information are public and available to law
> enforcement upon request.
> http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
> _______________________________________________
> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> All list and server information are public and available to law
enforcement upon request.
> http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
>
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
