[Bug 316550] Re: CVE-2008-5620- Roundcube vulnerable and actively exploited

Tillmann t-st at t-st.org
Sat Feb 21 16:58:03 UTC 2009


Hi,

my machine has been hacked using this exploit as well. It is
incomprehensible to me how a well-known exploit that was reported as
"exploited widely" over one month ago still isn't fixed in Ubuntu.

Some more info for the (probably many) others involved:
Typically, the attacker downloads a tool such as a connect back backdoor using this exploit. E.g. php-reverse-shell or Data Cha0s Connect Back Backdoor. The machines are then used as botnet zombies, using a bot like emech.

Some more info about the attack can be found in
/var/log/apache2/error.log where you can see the wget output of the
initial backdoor download. Of course, if the attacker later on
successfully applies a local root exploit, he can remove all traces
easily.

bye,
Till

-- 
CVE-2008-5620- Roundcube vulnerable and actively exploited
https://bugs.launchpad.net/bugs/316550
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
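
Added example, not part of the original message: a Python sketch of the log check described above, which finds wget's status lines in an Apache error log and groups them into one record per download. The log lines are constructed sample data with placeholder hosts and paths; it assumes wget's stderr reaches error.log in wget's usual output format.

```python
import re

# wget's stderr status lines; covers wget 1.10 (time only, "=>") and 1.11+ formats.
WGET_START = re.compile(r"--(?:\d{4}-\d{2}-\d{2} )?\d{2}:\d{2}:\d{2}--\s+(?P<url>\S+)")
WGET_STATUS = re.compile(r"HTTP request sent, awaiting response\.\.\. (?P<code>\d{3})")
WGET_SAVE = re.compile(r"(?:Saving to: |=> )[`'\u2018\"]?(?P<path>[^'\u2019\"]+)")

# Constructed sample log (hosts and paths are placeholders, not real indicators).
SAMPLE_LOG = """\
[Sat Feb 21 03:14:05 2009] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
--2009-02-21 03:14:07--  http://files.example.invalid/bd.txt
Resolving files.example.invalid... 198.51.100.7
Connecting to files.example.invalid|198.51.100.7|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5493 (5.4K) [text/plain]
Saving to: `/tmp/bd.txt'
[Sat Feb 21 03:20:11 2009] [notice] caught SIGTERM, shutting down
--03:25:40--  http://files.example.invalid/missing.tgz
           => `/tmp/missing.tgz'
HTTP request sent, awaiting response... 404 Not Found
""".splitlines()


def find_wget_downloads(lines):
    """Return one record per wget run: log line number, URL, HTTP status, target path."""
    downloads, current = [], None
    for lineno, line in enumerate(lines, 1):
        start = WGET_START.search(line)
        if start:
            # A new "--<time>--  <url>" line opens a new download record.
            current = {"line": lineno, "url": start.group("url"),
                       "status": None, "saved_to": None}
            downloads.append(current)
        elif current is not None:
            status = WGET_STATUS.search(line)
            saved = WGET_SAVE.search(line)
            if status:
                current["status"] = int(status.group("code"))
            elif saved:
                current["saved_to"] = saved.group("path").strip()
    return downloads


if __name__ == "__main__":
    for hit in find_wget_downloads(SAMPLE_LOG):
        print(hit)
```

To check a real host, pass an open file handle for /var/log/apache2/error.log (and its rotated copies) to `find_wget_downloads` instead of `SAMPLE_LOG`.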



