Re: [webmin-l] hacker attempt to get /etc/shadow

[Obantec S. <su...@ob...>]

----- Original Message ----- 
From: "Jamie Cameron" <jca...@we...>
To: "Webmin users list" <web...@li...>
Sent: Saturday, September 02, 2006 4:25 PM
Subject: Re: [webmin-l] hacker attempt to get /etc/shadow


> On 2/Sep/2006 04:26 Obantec Support wrote ..
> > Hi
> >
> > any idea what this is in /var/webmin/miniserv.error
> >
> > [26/Aug/2000] [24.119.41.35]
> >
/unauthenticated//..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
> >

/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
> >

/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
/..
> > 
/..
/..
/..
/..
/..
/..
/..
/..
//etc/shadow : File not found
> >
> > errors above and below are 2006 so the date is odd!
>
> This looks like an attempt to exploit a bug in Webmin that existed in
versions
> before 1.290, which could be used to access any file on the system
(including
> /etc/shadow). I strongly recommend upgrading to 1.290 if you haven't
already ..
>
>  - Jamie
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> -
> Forwarded by the Webmin mailing list at
web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list
>
>
>
> -- 
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.1.405 / Virus Database: 268.11.7/436 - Release Date: 01/09/2006
>
>

I am running 1.290

Thanks

Mark