Re: phpBB vulnerability exploited
On Sunday 12 December 2004 17:46, Marek Podmaka wrote:
> I don't want to give hints on how to exploit this, but the attacker
> did wget the .tgz file, unpacked it in /tmp and ran the program.
>
> So update all your phpBB installations ASAP (and of course all
> installations of your customers).
On a somewhat related note ...
I have the habit of mounting /tmp with noexec,nosuid,nodev. I also mount /usr
and /boot ro. These minor changes can prevent common automated attacks
(probably the one you encountered) and don't cause any problems.
--
Fraser Campbell <fraser@wehave.net> http://www.wehave.net/
Georgetown, Ontario, Canada Debian GNU/Linux
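
The mount options named in the message above can be checked mechanically. The following is an added example, not part of the original post: it audits a mount table in /proc/mounts format against those options, and the function names, the policy list and the sample table are all constructed for illustration.

```shell
#!/bin/sh
# Policy taken from the post: /tmp noexec,nosuid,nodev; /usr and /boot ro.
POLICY='/tmp:noexec,nosuid,nodev
/usr:ro
/boot:ro'

# Constructed sample table (device, mountpoint, fstype, options, dump, pass).
# Note "errors=remount-ro" on /usr: a substring match for "ro" would be wrong.
SAMPLE='/dev/sda1 / ext3 rw 0 0
/dev/sda2 /boot ext3 ro 0 0
/dev/sda3 /usr ext3 rw,errors=remount-ro 0 0
/dev/sda5 /tmp ext3 rw,nosuid,nodev 0 0'

# missing_opts TABLE MOUNTPOINT REQUIRED
# Prints the required options absent from the LAST entry for MOUNTPOINT
# (later mounts shadow earlier ones). Prints "not-a-mount" when the path has
# no entry of its own and therefore inherits its parent filesystem's options.
missing_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" -v req="$3" '
        $2 == mp { opts = $4; found = 1 }
        END {
            if (!found) { print "not-a-mount"; exit }
            n = split(opts, have, ",")
            for (i = 1; i <= n; i++) got[have[i]] = 1
            m = split(req, want, ",")
            out = ""; sep = ""
            for (i = 1; i <= m; i++)
                if (!(want[i] in got)) { out = out sep want[i]; sep = "," }
            print out
        }'
}

# audit_mounts TABLE: one OK/FAIL line per policy entry, then a summary line.
audit_mounts() {
    fails=0
    while IFS=: read -r mp req; do
        miss=$(missing_opts "$1" "$mp" "$req")
        if [ -z "$miss" ]; then echo "OK   $mp"
        else echo "FAIL $mp missing: $miss"; fails=$((fails + 1)); fi
    done <<EOF
$POLICY
EOF
    echo "$fails check(s) failed"
}

audit_mounts "$SAMPLE"
```

To audit a live system, pass the real table instead of the sample: `audit_mounts "$(cat /proc/mounts)"`.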