[horde] General help viewer exploit
Bill Graham
grahamcw at hurleybulldogs.com
Thu Apr 27 07:08:58 PDT 2006
Most, if not all, of these scans are done via direct IP address and
not via your site DNS name. To provide some measure of relief from this,
you could define virtual servers: one for a direct IP address that goes
nowhere, and one for your mail DNS name that "sees" horde/imp.
Just a thought
Bill
Quoting Vilius Šumskas <vilius at lnk.lt>:
> Marcos Monge <mmonge at gmail.com> wrote:
>
>> Hi Everybody
>>
>> I think the exploit of the help viewer bug is beginning to be widely
>> exploited.
>> In the installation of at least two of my clients I have found a rootkit and
>> irc-bot installed, that have used the help viewer exploit to gain access.
>> They still haven't updated to 3.0.10.
>
> Then it's their fault, isn't it?
>
>> Can anyone else report attacks using this bug?
>
> Yes. I can confirm this on all (9) of my servers with HTTP access.
>
> --
> Best Regards,
>
> Vilius
>
--
Bill Graham
Systems Administrator
Hurley Public Schools
Hurley,SD 57036
USA
grahamcw at hurleybulldogs.com
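
The virtual-server split suggested above, as an added example that is not part of the original message. It assumes Apache httpd 2.4 with name-based virtual hosts; the hostname `mail.example.org`, the placeholder `default.invalid`, the directories and the log file names are all hypothetical.

```apache
# Added example; assumes Apache httpd 2.4. Hostnames, paths and log names
# are placeholders, not values from the thread.

# The first vhost defined for an address:port is the default. It receives
# every request whose Host header matches no ServerName/ServerAlias, which
# includes requests addressed to the bare IP.
<VirtualHost *:80>
    ServerName default.invalid
    # Empty directory: this vhost "goes nowhere".
    DocumentRoot "/var/www/empty"
    <Directory "/var/www/empty">
        Require all denied
    </Directory>
    # Separate log so IP-addressed scans can be reviewed on their own.
    CustomLog "logs/ip-scan_access.log" combined
</VirtualHost>

# Only requests that name the mail host reach Horde/IMP.
<VirtualHost *:80>
    ServerName mail.example.org
    DocumentRoot "/var/www/horde"
    <Directory "/var/www/horde">
        Require all granted
    </Directory>
    CustomLog "logs/mail_access.log" combined
</VirtualHost>
```

If the server also listens on port 443, the same pair is needed there. A request that carries the correct Host header still reaches Horde, so this does not replace the update to 3.0.10 mentioned in the thread.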