On Sun, Nov 16, 2003 at 05:19:06AM +0100, Bernd Eckenfels wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> > So what to do now? If /tmp was mounted ro, then none of the attacker's
> > tools could run (from this attack anyway)
>
> Read Only tmp? :) Now that is a funny idea. I can understand to
In article <[EMAIL PROTECTED]> you wrote:
> So what to do now? If /tmp was mounted ro, then none of the attacker's
> tools could run (from this attack anyway)
Read Only tmp? :) Now that is a funny idea. I can understand to restrict tmp
to root or to remove it totally, but why would one want to ha
On Sat, Nov 15, 2003 at 08:11:34PM -0600, Tom Goulet (UID0) wrote:
> If you have register globals off *or* safe mode on, this particular
> exploit is useless.
> If you had register globals on and safe mode off then he could run
> arbitrary programs as your Apache user. It's possible he could run
> If you have register globals off *or* safe mode on, this particular
> exploit is useless.
>
> If you had register globals on and safe mode off then he could run
> arbitrary programs as your Apache user. It's possible he could run a
> local root exploiting program, but that's not as likely.
>
> >
Our Firewall policy is very restricted. Outgoing connections are
blocked, only a few ports are possible to connect and the incoming
connections are very restricted.
On Sun, 16 Nov 2003, Dion Mendel wrote:
> A quick analysis.
>
> * After testing that the php hole works (id;uname -a) and (c
A quick analysis.
* After testing that the php hole works (id;uname -a) and (cd /tmp;ls),
the attacker downloads an executable 'c4'. This executable is then
run.
A quick reverse of this executable shows it to simply exec a shell and
bind to port 5678. Googling gives us this link to equi
On Sat, Nov 15, 2003 at 09:10:00PM -0200, Carlos Eduardo Araujo Vieira wrote:
> Today the server was attacked using php+apache. Some user had a
> 'require $area.php' in his index.php file. Using this, the attacker
> could execute some commands like entering the /tmp folder and downloading
Today the server was attacked using php+apache. Some user had a
'require $area.php' in his index.php file. Using this, the attacker
could execute some commands like entering the /tmp folder and downloading
some files. Then he tried to execute a telnetd daemon with no success. In
the attac
on Fri, Nov 14, 2003 at 07:16:24AM +0200, Martynas Spokas ([EMAIL PROTECTED])
wrote:
> Hello,
Hi.
Please set your mailer/editor linewrap to 68-75 characters. I strongly
recommend 72 as a good default.
Thank you.
> I have a mail server and I'm trying to keep it totally secure. I don't
> think I
18 matches