Last week the target was gov.pk; a source of Cryptome.org is scanning gov.cn
this week.
From the report:
"A sends:
I wanted to make you aware of the following from gov.cn since it is a bit
different than the others you already posted.
It appears that gov.cn has a much broader IP space than the IR and PK research
I saw on your site, so a buddy of mine asked that I send this in to you to have
your community review as a comparison to your past posts.
A congrats must go out, too... they have a setup well compared to the others. Must
be some uniformity there."
Sample here:
--clip--
www.ahfeixi.gov.cn 61.129.45.92
SERVER IP: 61.129.45.92
PORT/PROTOCOL: 80/tcp
TYPE: NOTE
A web server is running on this port : Server: Apache/2.0.59 (Unix) PHP/4.3.5
SERVER IP: 61.129.45.92
PORT/PROTOCOL: 80/tcp
TYPE: INFO
Synopsis : The remote host is vulnerable to a Script Injection attack The
remote host is running a version of PHP which is older than 5.0.3 or 4.3.10.
The remote version of this software is vulnerable to various security issues
which may, under certain circumstances, allow attackers to execute arbitrary
code on the remote host, provided that they can pass arbitrary data to some
functions or bypass safe_mode.
CVSS Base Score : 6 AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N
Solution : Upgrade to PHP 5.0.3 or 4.3.10
CVE : CVE-2004-1018, CVE-2004-1019, CVE-2004-1020, CVE-2004-1063,
CVE-2004-1064, CVE-2004-1065
BID : 11964, 11981, 11992, 12045
....
--clip--
Link:
http://cryptome.org/gov-cn.htm
Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.