[5095] in WWW Security List Archive
Re: What's this ?
daemon@ATHENA.MIT.EDU (Ken Rowe)
Wed Apr 16 11:19:01 1997
Date: Wed, 16 Apr 1997 08:35:27 +0000
To: Chung-Rui Kao <kaoc@hep3.phys.sinica.edu.tw>
From: Ken Rowe <kerowe@ncsa.uiuc.edu>
Cc: www-security@ns2.rutgers.edu, irst@ncsa.uiuc.edu
In-Reply-To: <199704161108.HAA10274@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
It means that someone is trying to get your passwd file through the
phf cgi-script program. If you still have that cgi-program in your
cgi-bin directory, and you are not running shadow passwords, then someone
probably has a copy of your password file now that they can run crack on
to get passwords.
See CERT Advisories CA-96.06 and CA-97.07 for phf and test cgi advisories at
http://www.cert.org
Also, you should be running the newest version of NCSA HTTPd. V 1.3 has other
security holes that have been fixed in newer releases.
See http://www.ncsa.uiuc.edu to find that software.
Ken.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Kenneth E. Rowe Office: (217) 244-5270
Senior Security Engineer / FAX: (217) 244-1987
Security Coordinator email: kerowe@ncsa.uiuc.edu
Email irst@ncsa.uiuc.edu to contact the NCSA(tm) Incident Response Team
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=