I guess there are some *nix admins that have better things to
do than patch servers... :D
------------------------------
<http://isc.sans.org/diary.php?date=2006-10-04>
Old Webmin bug still being exploited (NEW)
Published: 2006-10-04,
Last Updated: 2006-10-05 14:53:34 UTC by Kyle Haugsness
(Version: 1)
Sometimes it isn't the latest and greatest bug that gets the
most utility from the criminals on the Internet, it's the
easiest and most reliable. We received some solid analysis
from a large hosting provider showing that Webmin versions
below 1.290 are still being actively exploited. Version 1.290
that fixes the problem was released in June 2006, so the
exploit is several months old.
To give some insight, this particular bug allows the attacker
to read any file from the target as the root user. So the
attacker is grabbing /etc/passwd and /etc/shadow from targets
and then running john the ripper against the encrypted
passwords. There is a nice auto-rooter toolkit that has a .ro
(Romania) e-mail address claiming authorship.
While there is nothing exotic or shocking about any of this,
it's still important for us to think about *NIX security. We
don't want all the *NIX folks out there feeling that Microsoft
client-side bugs are getting all the attention lately.
------------------------------
--
----------------------------------------
To unsubscribe, mailto: [EMAIL PROTECTED]
Is your picture included in the Official Win-Home List Members Profiles Page?
http://www.besteffort.com/winhome/Profiles.html
If not, write to: [EMAIL PROTECTED]
