funsec mailing list archives
Cryptome: Server Comms Reporting for Research Effort gov.cn
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Thu, 13 Dec 2007 01:47:56 +0200 (EET)
Last week the target was gov.pk, a source of Cryptome.org is scanning gov.cn this week.
From the report:
"A sends: I wanted to make you aware of the following from gov.cn since it is a bit different than the others you already posted. It appears that gov.cn has a much broader IP space than the IR and PK research I saw on your site, so a buddy of mine asked that I send this in to you to have your community review as a comparison to your past posts. A congrats must go out, too... they have a setup well compared to the others. Must be some uniformity there." Sample here: --clip-- www.ahfeixi.gov.cn 61.129.45.92 SERVER IP: 61.129.45.92 PORT/PROTOCOL: 80/tcp TYPE: NOTE A web server is running on this port : Server: Apache/2.0.59 (Unix) PHP/4.3.5 SERVER IP: 61.129.45.92 PORT/PROTOCOL: 80/tcp TYPE: INFO Synopsis : The remote host is vulnerable to a Script Injection attack The remote host is running a version of PHP which is older than 5.0.3 or 4.3.10. The remote version of this software is vulnerable to various security issues which may, under certain circumstances, allow attackers to execute arbitrary code on the remote host, provided that they can pass arbitrary data to some functions or bypass safe_mode. CVSS Base Score : 6 AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N Solution : Upgrade to PHP 5.0.3 or 4.3.10 CVE : CVE-2004-1018, CVE-2004-1019, CVE-2004-1020, CVE-2004-1063, CVE-2004-1064, CVE-2004-1065 BID : 11964, 11981, 11992, 12045 .... --clip-- Link: http://cryptome.org/gov-cn.htm Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Cryptome: Server Comms Reporting for Research Effort gov.cn Juha-Matti Laurio (Dec 13)
- Infiltrating carder/RBN/etc economies? Bruce Ediger (Dec 17)