| VID | 21047 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The CGI "/cgi-bin/gH.cgi" appears to be present. This CGI is a trojan installed in Apache 1.3.4 that can be used to control your system or to make it attack another network. The source file of the backdoor is available at the following site: http://packetstorm.securify.com/UNIX/penetration/rootkits/ It is very likely that the web server has been compromised. References: http://packetstormsecurity.org/UNIX/penetration/rootkits/gH-cgi.c |
| Recommendation | Remove the 'gH.cgi' file from the /cgi-bin directory immediately. If backups of the server are available, restore the server from backups, and contact CERT and your local authorities. |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |