Re: phpBB vulnerability exploited

To: debian-isp@lists.debian.org
Subject: Re: phpBB vulnerability exploited
From: Wacquiez Sébastien <sw@enix.org>
Date: Wed, 12 Jan 2005 07:50:25 +0100
Message-id: <[🔎] 41E4C8B1.4030206@enix.org>
Reply-to: sw@enix.org
In-reply-to: <200412122217.20006.fraser@georgetown.wehave.net>
References: <362368499.20041212234642@onee.sk> <200412122217.20006.fraser@georgetown.wehave.net>

Fraser Campbell wrote:

On Sunday 12 December 2004 17:46, Marek Podmaka wrote:
 I don't want to give hints on how to exploit this, but the attacker
 did wget the .tgz file, unpacked it in /tmp and run the program.

 So update all your phpBB installations ASAP (and of course all
 installations of your customers).
On a somewhat related note ...
I have the habit of mount /tmp with noexec,nosuid,nodev. I also mount /usrand /boot ro. These minor changes can prevent common automated attacks(probably the one you encountered) and don't cause any problems.

It can cause probleme with the default invocation of logrotate (Startingwith version ... huu ... 7.something.somethingelse, the postrotatescript is dumped in a file and executed (before, it was in a system()).

But you can quickfix this problem with an export of TMPDIR in thecrontab script (of logrotate).



Wacquiez Sébastien

Reply to:

Prev by Date: Re: phpBB vulnerability exploited
Next by Date: UNSUBSCRIBE
Previous by thread: Re: phpBB vulnerability exploited
Next by thread: UNSUBSCRIBE
Index(es):
- Date
- Thread