Hey everybody.
Quick bit o' info for you guys:
The recent awstats vulnerability is pretty hairy, and if you run
awstats, you'll want to upgrade NOW. It allows remote command execution
via the URL, and there's some pretty high profile people getting nailed
by it.
I've gotten probed, and I've confirmed I'm vulnerable - and luckily I
haven't gotten exploited yet. A friend of mine was saved by a full disk
and an awful script kiddie, and a former coworker of mine is
reformatting his box now, too.
Upgrade now, check your access_logs for 'configdir' and cross your fingers!
Adam
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Wed Feb 16 10:12:55 2005
This archive was generated by hypermail 2.1.8 : Wed Feb 16 2005 - 10:12:55 AKST