09-03-2003, 01:56 PM
SplitInfinity
Confirmed User
 
Join Date: Dec 2002
Location: San Diego, CA
Posts: 3,047
Splitinfinity Security Notice: epoch password scripts hackable

This notice is being posted so you can protect yourself.

ANYONE USING EPOCH'S epoch-add-pass.cgi is vulnerable to hackers.

There are new tools out to scan for sites that use this script and automatically hack into it and gain root access on your server.

Disclaimer: SplitInfinity Networks has caught several hackers using this exploit.
Although we have caught them both on our network and other networks, we cannot verify that this problem is widespread because Epoch may have a newer version of their scripts out now. All we will say is that you had better check and be damn sure, otherwise they *will* use this exploit against you.

A search on Google yielded no results. Epoch has been notified of this problem.

Solution: Disable the script and/or modify it to not allow remote commands to be issued. Contact Epoch for new updates that fix this security flaw or you may email [email protected] for additional assistance.