Hi... After installing Redhat 6.0, I looked around a bit and I noticed something interesting: In /home/httpd/cgi-bin there is a CGI program called cachemgr.cgi, and it can be accessed by remote users by default. So I went to look at it, and I noticed that what it does is it lets any user connect to any hostname/port he/she chooses via the interface it provides.. and then see the connection results - if the connection was not successful it prints out the full connect() error; otherwise it just stays frozen, waiting for HTTP data, or httpd might give you an "Internal Server Error" - Both of those mean that a connection has been established. This is what it looks like from lynx: Cache Manager Interface This is a WWW interface to the instrumentation interface for the Squid object cache. _________________________________________________________________ Cache Host: localhost_____________________ Cache Port: 3128__________________________ Manager name: ______________________________ Password: ______________________________ Continue... This is, obviously, not good, because this CGI program can be used as a powerful portscanning or a denial of service tool. I suggest that Redhat 6.0 users check to see if they have it, and then disable it if they do. - Daniel (danielat_private)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:53:17 PDT