Wird verwendet für den Verbindungsaufbau zwischen dem Medienserver und den (Windows-)RemoteAgent von Veritas Backup-Exec Since then Scanning for port 10000 has been astronomically high. On 24th of June 2005, the metasploit plugin for the Veritas Backup Exploit was released. Port 10000 is the default port used by the Zabbix agent. That can be exploited without needing authentication to WEBMIN. There is a format-string vulnerability in the PERL code for WEBMIN, Used by CISCO VPN-Client (TCP and UDP) - IPSec over TCP or over UDP. Thom del la Franssen and Marco del Semmlero This port is also used by Sage MAS90/200 accounting software Both these were used in the auto-rooters I was able to capture. Look for a directory called w, and/or a file called pscan2. You should see a great deal of requests for /etc/shadow. If you're running Webmin or Usermin, take a look at your miniserv.log (/var/log/webmin/miniserv.log). Versions of Webmin older than 1.290 are effected by BID 18744, as well as versions of Usermin older than 1.220. There is also a format string bug and integar overflow in Webmin, but there are no public sploits for them (CANVAS has one). There was also a Metasploit module published recently for the vuln. The mass auto-rooters that I've captured for this vuln request /etc/shadow, and then send the file via email to a yahoo account by default. There is a vuln from J(BID 18744 CVE-2006-3392) which allows an attacker to request an arbitrary file from the remote host without authenticating to webmin. This is the kiddies looking for hosts running Webmin on Usermin. are bad passwords and should be changed to something better (I have seen all of these passwords in use on real systems).An article in Red Hat magazine (issue 10, August 05) suggests to bind nfs ports to Any variant of 'letmein', 'password', 'remember', etc. A strong password is one that is eight or more characters in length, has numbers or symbols and letters, and is not based on a dictionary word. 90% of systems that I've seen exploited have been because of weak passwords (the other 10% due to bugs in older versions of software-patched versions were available, but the system was running an unpatched version). Even better if you have a 'real' certificate, or make sure you import the correct self-signed cert for your box.identity is about 50% of the value of SSL.ģ. Password time outs are in place for a reason (HTTP is stateless, so you can't use the ssh technique of pausing on a bad password to reduce brute force attacks.you can only disable the account for a short time in the event of repeated bad passwords). Don't disable the security features that are enabled by default. I've never had a Webmin installation compromised, and I've probably maintained more Webmin systems than 99% of people (my previous company had several hundred proxy caches in the field, all running Webmin), and the only precaution we took really seriously was updating within 24 hours of a new release-across all systems.Ģ. Jamie has a great record of rolling out security fixes within a day or two, and sometimes even hours, of an exploit being exposed. Make sure you're always running the latest version. Since Webmin security has come up a few times over the past few days, I'll mention a few aspects of keeping Webmin safe (similar to most root-level services, like ssh and ftp daemons.some extra caution is advised):ġ. Webmin doesn't care what port it runs on (likewise for Usermin).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |