[2156] in NetBSD-Development
lots of mail generated by master.passwd file
daemon@ATHENA.MIT.EDU (Angie Kelic)
Sat Dec 1 13:31:06 2001
Message-Id: <200112011831.NAA11270@cutter-john.mit.edu>
To: netbsd-dev@MIT.EDU
Date: Sat, 01 Dec 2001 13:31:03 -0500
From: Angie Kelic <sly@MIT.EDU>
The lists net-security, webmaster, and web-request (and likely others)
have all been receiving large quantities of mail of the form listed
below, due to a search command that was posted on bugtraq that turns
up the master.passwd file
http://www.mit.edu/afs/sipb/system/config/passwd/i386_nbsd1/master.passwd
Can someone either put a note in big letters in the file telling peopel
it's not a security risk or acl it so that every person that reads
bugtraq and bothers to try these things or gets a forward stops sending
us mail?
Thanks
------- Forwarded Message
Return-Path: <lisanti@MIT.EDU>
Received: from central-city-carrier-station.mit.edu by po14.mit.edu (8.9.2/4.7) id GAA09210; Sat, 1 Dec 2001 06:53:05 -0500 (EST)
Received: from melbourne-city-street.mit.edu (MELBOURNE-CITY-STREET.MIT.EDU [18.7.21.86])
by central-city-carrier-station.mit.edu (8.9.2/8.9.2) with ESMTP id GAA22399
for <webmaster-internal@MIT.EDU>; Sat, 1 Dec 2001 06:53:05 -0500 (EST)
Received: from kiri.mit.edu (KIRI.MIT.EDU [18.152.1.96])
by melbourne-city-street.mit.edu (8.9.2/8.9.2) with ESMTP id GAA07385
for <webmaster-internal@mit.edu>; Sat, 1 Dec 2001 06:53:03 -0500 (EST)
Received: (from lisanti@localhost) by kiri.mit.edu (8.9.3)
id GAA05997; Sat, 1 Dec 2001 06:53:04 -0500 (EST)
Resent-Message-Id: <200112011153.GAA05997@kiri.mit.edu>
Delivery-Date: Sat Dec 1 00:13 EST 200
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by menelaus.mit.edu (8.9.3) with ESMTP
id AAA25565; Sat, 1 Dec 2001 00:13:41 -0500 (EST)
Received: from grand-central-station.mit.edu (GRAND-CENTRAL-STATION.MIT.EDU [18.7.21.82])
by pacific-carrier-annex.mit.edu (8.9.2/8.9.2) with ESMTP id AAA04466;
Sat, 1 Dec 2001 00:13:40 -0500 (EST)
Received: from manawatu-mail-centre.mit.edu (MANAWATU-MAIL-CENTRE.MIT.EDU [18.7.21.85])
by grand-central-station.mit.edu (8.9.2/8.9.2) with ESMTP id AAA04522
for <web-request@MIT.EDU>; Sat, 1 Dec 2001 00:13:40 -0500 (EST)
Received: from pellenes-shoshonensis.mit.edu (PELLENES-SHOSHONENSIS.MIT.EDU [18.7.21.69])
by manawatu-mail-centre.mit.edu (8.9.2/8.9.2) with ESMTP id AAA12703
for <web-request@MIT.EDU>; Sat, 1 Dec 2001 00:13:39 -0500 (EST)
Received: (from www@localhost) by pellenes-shoshonensis.mit.edu (8.9.3+Sun)
id AAA01220; Sat, 1 Dec 2001 00:13:39 -0500 (EST)
Date: Sat, 1 Dec 2001 00:13:39 -0500 (EST)
Message-Id: <200112010513.AAA01220@pellenes-shoshonensis.mit.edu>
Received: from 24.128.180.107 by web-forms.mit.edu with HTTP;
Sat, 01 Dec 2001 00:13:39 EST
X-Mailer: cgiemail 1.3
(form="http://web.mit.edu/comment-form.html")
(action="/bin/cgiemail/afs/net/admin/www/root/comment-form.txt")
From: whitehat@no.com
To: web-request@MIT.EDU
Subject: BAD vulnerability
Errors-To: lisanti@MIT.EDU
Content-Type: text
Resent-To: webmaster-internal@MIT.EDU
Resent-Date: Sat, 01 Dec 2001 06:53:04 -0500
Resent-From: Suzana Lisanti <lisanti@MIT.EDU>
ok guys your password files are wide in the open i recently learned of an exploit of search engines in bugtraq typed it in and sure enough it worked gave me complete access to this shadowed yes but it gives logins and that's a start
http://www.mit.edu/afs/sipb/system/config/passwd/i386_nbsd1/master.passwd i suggest u change the permissions on this and any other pwd file that you have.
- ----
This message was sent using http://web.mit.edu/comment-form.html. The address
whitehat@no.com was typed manually, and may be incorrect.
------- End of Forwarded Message
