On Wed, 26 Jun 1996, Paul Danckaert wrote: > > On Wed, 26 Jun 1996, Darren Reed wrote: > > [ObSecurityNote] > > We have seen quite an increase in web-related attacks, specifically > trying to exploit cgi's with %0a (newline) characters, trying to grab > password files, and run other commands. I would recomend grep'ing > through some of your web server logs looking for passwd, %0a, %0A, and > things like that. Just in the last few weeks these attacks have > increased to the point of several a week. > Are there any other common programs (besides phf) that are linked with the util.c code that has the newline problem? I thought phf was the main problem - so a grep of phf is probably more useful (or replace phf with some perl code that mails you their vital information when it is run). Brian Mitchell brian@saturn.net Unix Security / Perl / WWW / CGI http://www.saturn.net/~brian "I never give them hell. I just tell the truth and they think it's hell" - H. Truman