OT, but related -- WAS: [Mailwatch-users] Active Probes heads up

dnsadmin 1bigthink.com dnsadmin at 1bigthink.com
Fri Feb 27 17:31:52 GMT 2009


Hello All,

Related, but not MailScanner -- from the MailWatch list group:

Hi,

I have noticed lots of web probes for...

/mailwatch/mailscanner/docs.php?doc=../../../../../../../etc/passwd%00
/mailscanner/docs.php?doc=../../../../../../../etc/passwd%00
/mailwatch-1.0.4/mailscanner/docs.php?doc=../../../../../../../etc/passwd%00
/docs.php?doc=../../../../../../../etc/passwd%00

...across a few dozen of our servers last night.  They were tied in with the usual web application attacks so I get the feeling these signatures have been added to some script kiddie point and click hacking tool.

If you haven't already removed / patched doc.php, now would be the time!


For those of you unaware of this vulnerability it basically allows you to read any file on the server:

http://secunia.com/Advisories/31994/

Regards

Ian
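
A way to check your own access logs for the probes quoted above (an added example, not part of the original post): it flags requests to `docs.php` whose `doc` parameter carries a `..` path segment or a NUL byte after percent-decoding. The log lines, addresses, the benign `doc=mcp` value and all function names are constructed for illustration, and a "combined" log format is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client address and request target from an Apache/nginx "combined" log line (assumed format).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*"')

def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so re-encoded input is normalised before matching."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return the reasons a request target looks like a docs.php probe ([] if none)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/docs.php"):
        return []
    reasons = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name != "doc":
            continue
        value = fully_decode(value)
        if "\x00" in value:                      # %00 used to cut off an appended suffix
            reasons.append("null-byte")
        if ".." in value.replace("\\", "/").split("/"):
            reasons.append("traversal")          # a ".." path segment, not just two dots
    return reasons

def find_docs_probes(lines):
    """Yield-style scan: list of (client_ip, target, reasons) for every flagged line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (reasons := classify(m.group("target"))):
            hits.append((m.group("ip"), m.group("target"), reasons))
    return hits

# Constructed sample lines; the two probe paths are taken from the message above.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Feb/2009:03:12:01 +0000] "GET /mailwatch/mailscanner/docs.php?doc=../../../../../../../etc/passwd%00 HTTP/1.1" 404 312 "-" "-"',
    '192.0.2.10 - - [27/Feb/2009:03:12:02 +0000] "GET /docs.php?doc=../../../../../../../etc/passwd%00 HTTP/1.1" 404 312 "-" "-"',
    '198.51.100.7 - - [27/Feb/2009:09:40:15 +0000] "GET /mailscanner/docs.php?doc=mcp HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [27/Feb/2009:09:40:20 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for ip, target, reasons in find_docs_probes(SAMPLE_LOG):
        print(ip, ",".join(reasons), target)
```

A hit with a 200 status rather than 404 is the case worth following up first, since it means the script exists at that path.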