Wow, that site has a really, really nasty javascript ad-loading code
that constantly attempts to load ads, every 10 seconds or so even
(rather fast for pull-refresh!)
slick:~$ tail -45 /var/log/junkbuster
/etc/junkbuster/junkbuster: GPC
ad.doubleclick.net/ad/N668.securityfocus/B33148.6 crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/static/incident_on.gif
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/trade/tradeshowban1.gif
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/NewAlwayson.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/SNORT.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/newsletter.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/static/search_on.gif
/etc/junkbuster/junkbuster: GPC
ad.doubleclick.net/ad/N668.securityfocus/B33148.9 crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/SIA_upgrade/button-upgrade.gif
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/BHEuro2001SF.jpg crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/corebanner3.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/corebanner2a.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/certifiedBanner1.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/corebanner3.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/IObanner3loops.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.securityfocus.com/images/ads/NewAlwayson.gif crunch!
/etc/junkbuster/junkbuster: GPC
www.stonylakesolutions.com/banners/IO_animation_banner.gif crunch!
(everything from doubleclick to the stonylakesolutions repeats in the
logfile SEVERAL TIMES).
Evil.
Matt Alexander wrote:
>
> Root compromise is possible in kernels 2.2.x (x <= 19) up through 2.4.y.
> (y <= 9).
>
> Here's more info:
>
> http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21
>
> If you've got a system with multiple users, please upgrade your kernel.
> ~M
--
jkenner @ mindspring . com__
I Support Linux: _> _ _ |_ _ _ _|
Working Together To <__(_||_)| )| `(_|(_)(_|
To Build A Better Future. | <s>
%0A>%20%0A>%20%0A>%20slick:~%24%20tail%20-45%20/var/log/junkbuster%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20ad.doubleclick.net/ad/N668.securityfocus/B33148.6%20crunch!%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.securityfocus.com/images/static/incident_on.gif%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.securityfocus.com/trade/tradeshowban1.gif%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.securityfocus.com/images/ads/NewAlwayson.gif%20crunch!%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.securityfocus.com/images/ads/SNORT.gif%20crunch!%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.securityfocus.com/images/ads/newsletter.gif%20crunch!%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.securityfocus.com/images/static/search_on.gif%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20ad.doubleclick.net/ad/N668.securityfocus/B33148.9%20crunch!%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.securityfocus.com/SIA_upgrade/button-upgrade.gif%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.securityfocus.com/images/ads/BHEuro2001SF.jpg%20crunch!%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.securityfocus.com/images/ads/corebanner3.gif%20crunch!%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.securityfocus.com/images/ads/corebanner2a.gif%20crunch!%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.securityfocus.com/images/ads/certifiedBanner1.gif%20crunch!%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.securityfocus.com/images/ads/corebanner3.gif%20crunch!%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.securityfocus.com/images/ads/IObanner3loops.gif%20crunch!%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.securityfocus.com/images/ads/NewAlwayson.gif%20crunch!%0A>%20/etc/junkbuster/junkbuster:%20GPC%0A>%20www.stonylakesolutions.com/banners/IO_animation_banner.gif%20crunch!%0A>%20%0A>%20(everything%20from%20doubleclick%20to%20the%20stonylakesolutions%20repeats%20in%20the%0A>%20logfile%20SEVERAL%20TIMES).%0A>%20%0A>%20Evil.%0A>%20%0A>%20Matt%20Alexander%20wrote:%0A>%20>%20%0A>%20>%20Root%20compromise%20is%20possible%20in%20kernels%202.2.x%20(x%20<=%2019)%20up%20through%202.4.y.%0A>%20>%20(y%20<=%209).%0A>%20>%20%0A>%20>%20Here's%20more%20info:%0A>%20>%20%0A>%20>%20http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=221337&start=2001-10-15&end=2001-10-21%0A>%20>%20%0A>%20>%20If%20you've%20got%20a%20system%20with%20multiple%20users,%20please%20upgrade%20your%20kernel.%0A>%20>%20~M%0A>%20%0A>%20%0A>%20 "Reply to this message")
(text/plain)
