I don't have seen that CERT report yet, but I suppose that this is
f 27567 4430 outbox.sw.webdist var/www/cgi-bin/webdist.cgi
on O2.
I asked some month about these *.sysadm and *.webdist susbsystems in
comp.os.sgi.* -groups, but nobody commented.
Is anybody looked these *.sysadm subsystems closer.
It looks quite suspicious:
oxygen 2% showfiles outbox | grep cgi-bin
f 37853 1197 outbox.sw.outbox var/www/cgi-bin/MachineInfo
f 35963 2434 outbox.sw.outbox var/www/cgi-bin/handler
f 59162 37700 outbox.sw.outbox var/www/cgi-bin/machine-cgi
f 51763 37700 outbox.sw.outbox var/www/cgi-bin/outbox-cgi
f 21944 703 outbox.sw.outbox var/www/cgi-bin/sgi-camera/snap
f 27567 4430 outbox.sw.webdist var/www/cgi-bin/webdist.cgi
f 18006 3040 outbox.sw.webdist var/www/cgi-bin/webdist.install.cgi
f 52607 20808 outbox.sw.outbox var/www/cgi-bin/wrap
oxygen 3% showfiles sysadmdesktop | grep cgi-bin
f 57427 6301 sysadmdesktop.sw.sysadm var/www/cgi-bin/DtConfAllDone.cgi
f 1454 14634 sysadmdesktop.sw.sysadm var/www/cgi-bin/QuitSysSetup.cgi
f 32731 7591 sysadmdesktop.sw.sysadm var/www/cgi-bin/SysSetWrapper.cgi
f 41666 3828 sysadmdesktop.sw.sysadm var/www/cgi-bin/checkProc.cgi
f 37959 54084 sysadmdesktop.sw.sysadm var/www/cgi-bin/ghinv/ghinvMain
f 51601 33604 sysadmdesktop.sw.sysadm var/www/cgi-bin/ghinv/memdetail
f 35099 22207 sysadmdesktop.sw.sysadm var/www/cgi-bin/wwwActions.cgi
f 7396 14511 sysadmdesktop.sw.sysadm var/www/cgi-bin/wwwDone.cgi
oxygen 4%
(Yes. I have disabeld access to these in
/usr/ns-home/httpd-oxygen/config/obj.conf
)
/ Kari Hurtta