Security Incidents mailing list archives
Re: Scans on Port 98 (linuxconf)
From: lamont () ICOPYRIGHT COM (Granquist, Lamont)
Date: Tue, 4 Apr 2000 11:07:30 -0700
http://oliver.efri.hr/~crv/security/bugs/Linux/lconf4.html from http://www.google.com/search?q=cache:lwn.net/1999/1223/bigpage.phtml: Linuxconf exploit found, but not confirmed to work. Elias Levy reported that, after the Incidents mailing lists reported many probes on port 98, the port used by linuxconf for its HTTP interface, an exploit for linuxconf was found. However, the exploit code that was found does not work, at least not against current versions of linuxconf. Jacque Gelinas, linuxconf author and maintainer, has been made aware of the potential problem and sent us this detailed response. To summarize, yes, port 98 is being probed on many hosts, we do not yet have proof that an exploit is possible and no one has reported a vulnerability that might be related to linuxconf. Current versions of linuxconf disable the HTTP interface by default and are therefore safe unless you have explicitly enabled that interface. Making sure your version of linuxconf has the HTTP interface disabled might be a good idea for the time being. If you are using a version of linuxconf prior to version 1.11, you might also want to consider upgrading to a newer version. And the URL to the "detailed reponse": http://lwn.net/1999/1223/a/linuxconfresponse.html Being paranoid, I assume that it is exploitable. On Mon, 3 Apr 2000, Crist J. Clark wrote:
[Sorry if this has been mentioned in the last day or two, I only had archive access to incidents before Apr 01.] We have been hit with port 98 scans from hosts 216.6.21.33 and 216.5.194.100 (na.sdn.net.za) in the last few hours. I can understand why 98, linuxconf, might be of some interest, but I did not find any known exploits to linuxconf at www.securityfocus.com. Are there any? For which specific Linux dists? Such high interest in 98 in such a short time a coincidence? Thanks for any help. -- Crist J. Clark cjc () scitec com SciTec, Inc (609)921-3892 x252
Current thread:
- Scans on Port 98 (linuxconf) Crist J. Clark (Apr 03)
- Re: Scans on Port 98 (linuxconf) Granquist, Lamont (Apr 04)