Home page logo

bugtraq logo Bugtraq mailing list archives

AltaVista followup and monitor script
From: glowack2 () KEY-LARGO CL MSU EDU (Edward Glowacki)
Date: Wed, 29 Dec 1999 23:33:22 -0500

---------- Snippet of forwarded message ----------

have a nice Y2K-BUG

rudicarell () hotmail com

other infos:

vulnerable: altavista search intranet 2.??
type: Input Validation Error
object: query?
remote: yes
vendor: altavista .. got informed ~3 month ago)

---------- End snippet ---------

Thanks to rudi for the initial post earlier today.  I was able to verify
the vulnerability in 2.0b and 2.3a (with the patch) on Digital Unix. I
emailed AltaVista tech support shortly after reading the message to
inquire about a patch to fix this hole, hopefully they'll get one out
soon.  At the end of this message is a simple perl script I wrote to watch
the log file and send a short email when someone grabs the mgtstate file.
I can't stop intruders from getting my password, but at least I can have
some idea that my password has escaped.

Edward Glowacki                         glowack2 () msu edu
MSU AltaVista Administrator             
Network Services
Michigan State University       

# Simple perl script to watch your logfile and notify you if someone tries to
# get at mgtstate to grab your AltaVista admin password.  Not elegant, but it
# should work.  It will check the whole log file from the beginning and
# continue to monitor until interrupted (probably just want to put it in
# the background and let it go).  Tested on Digital Unix 4.0D. Use at your
# own risk.
# useage:  watch logfile email <identifier>
#   optional identifier to distinguish different servers if needed

$logfile = "";
$email = "";
$identifier = "";

$logfile = $ARGV[0];
$email = $ARGV[0];
$identifier = $ARGV[0];

if($logfile eq "" || $email eq "") {
    print("Need a logfile and email address, i.e.:\n");
    print("  watch httpd/logs/access_log someone\ () somewhere com\n");

open(ACCESS,"/bin/tail -f -c +0 $logfile |") || die "Can't open tail of log file";

while(<ACCESS>) {
    if(/mgtstate/) {
        open(MAIL,"|/bin/mailx -s \"AltaVista intruder: mgtstate access\" $email");
        if($identifier ne "") {
            print(MAIL "Ident: $identifier\n\n");
        print(MAIL "$_");

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]