Cryptome: Server Comms Reporting for Research Effort gov.cn

[Juha-Matti Laurio <juha-matti.laurio () netti fi>]

Last week the target was gov.pk, a source of Cryptome.org is scanning gov.cn this week.

> From the report:

"A sends:
I wanted to make you aware of the following from gov.cn since it is a bit different than the others you already posted.
It appears that gov.cn has a much broader IP space than the IR and PK research I saw on your site, so a buddy of mine 
asked that I send this in to you to have your community review as a comparison to your past posts.
A congrats must go out, too... they have a setup well compared to the others.  Must be some uniformity there."

Sample here:

--clip--
www.ahfeixi.gov.cn      61.129.45.92
        SERVER IP: 61.129.45.92
PORT/PROTOCOL: 80/tcp
TYPE: NOTE
A web server is running on this port : Server: Apache/2.0.59 (Unix) PHP/4.3.5

SERVER IP: 61.129.45.92
PORT/PROTOCOL: 80/tcp
TYPE: INFO
Synopsis : The remote host is vulnerable to a Script Injection attack The remote host is running a version of PHP which 
is older than 5.0.3 or 4.3.10.
The remote version of this software is vulnerable to various security issues which may, under certain circumstances, 
allow attackers to execute arbitrary code on the remote host, provided that they can pass arbitrary data to some 
functions or bypass safe_mode. CVSS Base Score :
6 AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N Solution : Upgrade to PHP 5.0.3 or 4.3.10
CVE : CVE-2004-1018, CVE-2004-1019, CVE-2004-1020, CVE-2004-1063, CVE-2004-1064, CVE-2004-1065
BID : 11964, 11981, 11992, 12045
....
--clip--

Link:
http://cryptome.org/gov-cn.htm

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.