---------- Snippet of forwarded message ----------

have a nice Y2K-BUG
rudicarellat_private

other infos:
vulnerable: altavista search intranet 2.??
type: Input Validation Error
object: query?
remote: yes
vendor: altavista .. got informed ~3 month ago)

---------- End snippet ---------

Thanks to rudi for the initial post earlier today. I was able to verify the vulnerability in 2.0b and 2.3a (with the patch) on Digital Unix. I emailed AltaVista tech support shortly after reading the message to inquire about a patch to fix this hole; hopefully they'll get one out soon.

At the end of this message is a simple Perl script I wrote to watch the log file and send a short email when someone grabs the mgtstate file. I can't stop intruders from getting my password, but at least I can have some idea that my password has escaped.

--
Edward Glowacki                 glowack2at_private
MSU AltaVista Administrator
Network Services
Michigan State University

#!/bin/perl
#
# Simple perl script to watch your logfile and notify you if someone tries to
# get at mgtstate to grab your AltaVista admin password.  Not elegant, but it
# should work.  It will check the whole log file from the beginning and
# continue to monitor until interrupted (probably just want to put it in
# the background and let it go).  Tested on Digital Unix 4.0D.  Use at your
# own risk.
#
# usage: watch logfile email <identifier>
#   optional identifier to distinguish different servers if needed

$logfile = "";
$email = "";
$identifier = "";

# Positional arguments: logfile, email, optional identifier
$logfile = $ARGV[0]; shift;
$email = $ARGV[0]; shift;
$identifier = $ARGV[0]; shift;

if($logfile eq "" || $email eq "") {
    print("Need a logfile and email address, i.e.:\n");
    print(" watch httpd/logs/access_log someone\@somewhere.com\n");
    exit(0);
}

# Read the whole log from the start, then keep following it
open(ACCESS,"/bin/tail -f -c +0 $logfile |") || die "Can't open tail of log file";

while(<ACCESS>) {
    # Any log line that mentions mgtstate triggers one mail
    if(/mgtstate/) {
        open(MAIL,"|/bin/mailx -s \"AltaVista intruder: mgtstate access\" $email");
        if($identifier ne "") {
            print(MAIL "Ident: $identifier\n\n");
        }
        print(MAIL "$_");
        close(MAIL);
    }
}