Re: phpBB vulnerability exploited

To: debian-isp@lists.debian.org
Subject: Re: phpBB vulnerability exploited
From: "Boris Pavlov" <edi@elib.minfin.bg>
Date: Mon, 13 Dec 2004 13:44:41 +0200
Message-id: <[🔎] 20041213114441.24747.qmail@pechkin.minfin.bg>
In-reply-to: <[🔎] 200412122217.20006.fraser@georgetown.wehave.net>
References: <[🔎] 362368499.20041212234642@onee.sk> <[🔎] 200412122217.20006.fraser@georgetown.wehave.net>

better look at your php4 settings:limit with php opendir. make another tmp directory, and set php temp dir,with all permissions you want. limit the system function, if you don't needit. they are a per-vhost apache settings, check the manuals.wwell ediFraser Campbell writes:

On Sunday 12 December 2004 17:46, Marek Podmaka wrote:
  I don't want to give hints on how to exploit this, but the attacker
did wget the .tgz file, unpacked it in /tmp and run the program.
  So update all your phpBB installations ASAP (and of course all
  installations of your customers).
On a somewhat related note ...I have the habit of mount /tmp with noexec,nosuid,nodev. I also mount /usrand /boot ro. These minor changes can prevent common automated attacks(probably the one you encountered) and don't cause any problems.
--
Fraser Campbell <fraser@wehave.net>                 http://www.wehave.net/
Georgetown, Ontario, Canada Debian GNU/Linux

Reply to:

Follow-Ups:
- Re: phpBB vulnerability exploited
  - From: "Francesco P. Lovergine" <frankie@debian.org>

References:
- phpBB vulnerability exploited
  - From: Marek Podmaka <marki@onee.sk>
- Re: phpBB vulnerability exploited
  - From: Fraser Campbell <fraser@georgetown.wehave.net>

Prev by Date: postgrey 1.17rc2 Debian packages
Next by Date: Re: phpBB vulnerability exploited
Previous by thread: Re: phpBB vulnerability exploited
Next by thread: Re: phpBB vulnerability exploited
Index(es):
- Date
- Thread