Mark,

On 5/2/13 7:42 AM, Mark Thomas wrote:
> On 02/05/2013 12:29, Jess Holle wrote:
>> http://blogs.cisco.com/security/linuxcdorked-faqs/ claims this is
>> not a cPanel vulnerability per se...
>
> To quote the relevant part of that article:
>
> <quote> How are attackers gaining access to the host servers? How
> the attackers are gaining root access to begin with is a separate
> matter, still unresolved. Attackers may have stolen login
> credentials via phishing, or via a localized infection on a
> management system, or simply by brute-force guessing the login.
> </quote>
>
> httpd is simply the vehicle the attackers are using to run their
> malware *once they already have root access*
>
> There is no Apache http vulnerability to see here. Move along. Move
> along.

Didn't you know that 'rm' was vulnerable on Linux?!?! An attacker with escalated privileges can -- through clever use of this misunderstood command with code so complicated, that this enormous vulnerability went unnoticed for decades -- wreak havoc on any Linux system connected to the interwebs. The only plausible mitigation of this egregious vulnerability is to uninstall the 'rm' package or switch to a more secure OS.

...

The fact that this exploit is being called Linux/CDorked leads me to believe that cPanel is definitely the vector. Why the attackers decided to use httpd and not the gopher-over-uucp service is beyond me.

-chris