You are here: home > Forum

Virus ve sa tsia ?

Lohahevitra : Informatika
Fitohizan'ny hafatra : Virus ve sa tsia ?
Valiny : 6
aristar - 11/01/2004 19:21
Mba mila fanazavana avy @mpiandraikitran'ny sehetra aho na ny olona izay mahafatatra momba ity zavatra mitranga matetika @ordinaterako intelo na efatra isan'anjo.

Norton Internet Security Professional has detected and blocked an intrusion attempt.
Time : 21:04
Date : 11/01/2004
Intrusion : AltaVista_Traversal
Intruder : serasera.myftp.org(213.44.225.203)(9000)

Minitra vitsy avy eho dia tapaka ny hira henoko. Mila miditra mitsikilo ao @ordinatera ve http://hira.serasera.org voa afaka miheno hira saha virus io.

Misaotra betsaka
Valio | Miverina eny ambony
hery - 11/01/2004 19:48
Salut aristar,

Tena tsy arako ny momba an'io. Fanamarihana fotsiny fa ny hira mandeha ao amin'ny http://hira.serasera.org dia tsy amin'ny serveur miaraka amin'ny site serasera.org rehetra fa amin'ny serveur anakiray hafa. (Jereo ny fanazavana ao amin'ny http://hira.serasera.org ihany) Noho izany dia tsy maintsy mifandray amin'io serveur io aho hijerena hoe inona no olana ao aminy.
Misaotra.
Valio | Miverina eny ambony
aristar - 12/01/2004 20:32
Manahoana daholo,

Nandeha tany @ Symantec aho dia izaho no itako tany momban'ny AlataVista_Traversal:

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Attack Category: Unauthorized Access

These attacks use unusual systems in an attempt to access computers. An unauthorized access signature might detect an attempt to gain remote root access to a Unix server.

Description

The Alta Vista Search Engine software contains a cgi-bin vulnerability that allows an intruder to submit a specific query and access directory files to which they are not authorized.

This signature detects attempts to use a directory traversal to read files and directories outside of the web server's scope.

Tokony mba jerena ihany avy @ serveur aiza io. Eto amiko dia "blocked" io faha any @ordinateran'ny sasany dia fantatra izay mety hataony.
Valio | Miverina eny ambony
aristar - 12/01/2004 20:37
Fanampiny :

Additional Information

The AltaVista Search engine sets up a Web server at port 9000 to listen for search queries. The Alta Vista search engine includes a CGI that accepts "../" in standard queries. This allows an attacker to access sensitive files in the HTTP directory which is one level above the search engine. Sensitive files in this directory include the trivially encrypted password for the remote administration utility. The CGI in question also processes additional "../" strings if they are encoded in Hex (%2e%2e%2f). This would allow an attacker to access files throughout the host system.

Links

CVE-2000-0039

NIPC, Cyberissue 2000.01

SecurityFocus Bugtraq ID 896

Vulnerable Components

AltaVista Search Engine 2.0b for NT
AltaVista Search Engine 2.0b for Solaris

AltaVista Search Engine 2.0b for Tru64
AltaVista Search Engine 2.3A for NT

AltaVista Search Engine 2.3A for Solaris
AltaVista Search Engine 2.3A for Tru64

Valio | Miverina eny ambony
hery - 12/01/2004 10:25
Salut aristar

Hijery ny antsipirihany ao amin'ny Symantec aho. Dia hi-contacter amin'i Lanto eto amin'ny serasera. Any aminy io serveur mpandefa hira io.
Hihaino hira ihany kou aho hijereko azy. Rehefa novakiako mantsy dia misy fifandraisany amin'ny Altavista ilay izy... aristar ve mampiasa Altavista matetika?
Valio | Miverina eny ambony
aristar - 12/01/2004 17:16
Salut Hery

Tsy mampiasa Altavista mihintsy aho. Google noho ampiasaiko.
Rehefa mihaino hira dia mampiasa metitika ny "Recherche" hitadiavako hira.
Valio | Miverina eny ambony
aristar - 17/01/2004 12:32
Nahita valiny ve i Lanto ? Tsy i serasera ihany noho nahitako an'i AltaVista_Traversal faha http://www.radiogasy.net koa. Mandrerako indraindray faha rehefa feno ny olona mihaino hira na tonga ilay attack io dia tsy afaka mihaino hira intsony mandritra adin'iray na roa. Ny ordinatereko dia ne risque rien satria bloqué ny port 9000 sy ny port hafa azonin'ny virus sy chevaux de Troie hidirana faha ny serveur ny http://hira.serasera.org ve indray andro any mety ho voasimba eo ny fichiers dia tsy afaka mihaino hira eo intsony ny namana? Voatery mampiasa an'i moteur de recherche AltaVista ve ry Lanto ?
Valio | Miverina eny ambony