Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Scans on Port 98 (linuxconf)

From: lamont () ICOPYRIGHT COM (Granquist, Lamont)
Date: Tue, 4 Apr 2000 11:07:30 -0700

http://oliver.efri.hr/~crv/security/bugs/Linux/lconf4.html

from http://www.google.com/search?q=cache:lwn.net/1999/1223/bigpage.phtml:

Linuxconf exploit found, but not confirmed to work.

Elias Levy reported that, after the Incidents mailing lists reported many
probes on port 98, the port used by linuxconf for its HTTP interface, an
exploit for linuxconf was found. However, the exploit code that was found
does not work, at least not against current versions of linuxconf. Jacque
Gelinas, linuxconf author and maintainer, has been made aware of the
potential problem and sent us this detailed response. To summarize, yes,
port 98 is being probed on many hosts, we do not yet have proof that an
exploit is possible and no one has reported a vulnerability that might be
related to linuxconf.

Current versions of linuxconf disable the HTTP interface by default and
are therefore safe unless you have explicitly enabled that interface.
Making sure your version of linuxconf has the HTTP interface disabled
might be a good idea for the time being. If you are using a version of
linuxconf prior to version 1.11, you might also want to consider upgrading
to a newer version.

And the URL to the "detailed reponse":

http://lwn.net/1999/1223/a/linuxconfresponse.html

Being paranoid, I assume that it is exploitable.

On Mon, 3 Apr 2000, Crist J. Clark wrote:

[Sorry if this has been mentioned in the last day or two, I only had
archive access to incidents before Apr 01.]

We have been hit with port 98 scans from hosts 216.6.21.33 and
216.5.194.100 (na.sdn.net.za) in the last few hours.

I can understand why 98, linuxconf, might be of some interest, but I
did not find any known exploits to linuxconf at
www.securityfocus.com. Are there any? For which specific Linux dists?
Such high interest in 98 in such a short time a coincidence?

Thanks for any help.
--
Crist J. Clark                              cjc () scitec com
SciTec, Inc                             (609)921-3892 x252
Previous By Date Next
Previous By Thread Next

Current thread: