OT - WAY - OT
Kenneth Brody
kenbrody at bestweb.net
Sat Mar 22 11:09:05 PDT 2008
Quoting Bill Campbell (Sat, 22 Mar 2008 10:25:49 -0700):
> On Sat, Mar 22, 2008, Kenneth Brody wrote:
[...]
>> (Actually, rereading the above, I realize that I combined information from
>> several of the sites I tracked down. The web-based file manager was not
>> on the same system as the world-readable data file, and so I was not able
>> to erase the valid-looking data from the file.)
>
> I *STRONGLY* suggest that people not use webmin/usermin on *nix systems
> without very carefully restricting access to them. I have seen several
> systems compromised via these, usually as a result of bad user-level
> passwords. I have also seen root exploits via usermin of known Linux
> security problems (the chfn command on some SuSE systems could be used to
> gain root access).
[...]
But, if the script kiddies were to stop using it, then we wouldn't be able
to "fix" their scripts for them, could we? :-)
--
KenBrody at BestWeb dot net spamtrap: <g8ymh8uf001 at sneakemail.com>
http://www.hvcomputer.com
http://www.fileProPlus.com