he only Debian fix available is in sid?
I haven't looked into it much as I don't run PHP in CGI mode
anywhere (FastCGI is OK), but it seems that this is the case.
http://security-tracker.debian.org/tracker/CVE-2012-1823
Note that there is a workaround described in
http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-wild.html
which blocks requests that have query strings that start with '-'.
Cheers,
Andy
-- 
http://bitfolk.com/ -- No-nonsense VPS hosting
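
The workaround mentioned above matches query strings that start with '-'; the same test can be run over web server access logs to spot the probes this thread is about. This is an added example, not part of the original messages: the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside an Apache/nginx "combined" log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_dash_query(target):
    """True if the request target's query string starts with '-' (raw or %2d)."""
    _, sep, query = target.partition("?")
    if not sep:
        return False  # no query string at all
    # Decode once so the percent-encoded form (%2d / %2D) is treated like '-'.
    return unquote(query).startswith("-")


def find_probes(lines):
    """Return (client_ip, target) for every log line with a dash-leading query."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_dash_query(m.group("target")):
            # The client address is the first field of a combined-format line.
            hits.append((line.split(" ", 1)[0], m.group("target")))
    return hits


# Constructed sample lines (documentation IP ranges), not taken from real logs.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/May/2012:14:01:07 +0000] "GET /index.php?-x HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [09/May/2012:14:02:11 +0000] "GET /index.php?%2Dx HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.5 - - [09/May/2012:14:03:30 +0000] "GET /search.php?q=-foo HTTP/1.1" 200 900 "-" "-"',
    '203.0.113.5 - - [09/May/2012:14:03:31 +0000] "GET /about.html HTTP/1.1" 200 300 "-" "-"',
]

if __name__ == "__main__":
    for ip, target in find_probes(SAMPLE_LOG):
        print(f"{ip} requested {target}")
```

A parameter value that merely contains a dash (`q=-foo`) is not flagged, because the test applies to the start of the whole query string.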
Date: Wed, 9 May 2012 18:18:00 +0100
From: Ian <ian@???>
To: users@???
Subject: Re: [bitfolk] PHP-CGI exploit probes seen - please make sure your
VPS is secured against this
Adam Spiers asked:
> I see a couple of scans in my logs from a few d