Hey,
I've had multiple clients' Solaris boxes crashing this morning from
what appears to be a Nimda-like 'scripts/..%5c../root.exe', and the usual.
The same old unicode characters are present [%2f, %5c] but a new one has
appeared I haven't seen yet. This line:
'
/msadc/..%5c../..%5c../..%5c/..Á
../..Á
../..Á
../winnt/system32/cmd.exe '
appears a few times and I'm not quite sure what to make of it...
Please keep in mind that came from a Solaris box, Apache log.
Whatever this (maybe) new bug is, it's blowing up these boxes left and
right...can't figure it out. They're all relatively new 1.3'ish versions I
think.
Anyone else seeing anything weird?
----------------------------------------|
Ralph M. Los
Sr. Security Consultant and Trainer
EnterEdge Technology, L.L.C.
rlosat_private
(770) 955-9899 x.206
----------------------------------------|
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Feb 26 2002 - 12:18:33 PST