[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: phpBB vulnerability exploited

Fraser Campbell wrote:
On Sunday 12 December 2004 17:46, Marek Podmaka wrote:

 I don't want to give hints on how to exploit this, but the attacker
 did wget the .tgz file, unpacked it in /tmp and run the program.

 So update all your phpBB installations ASAP (and of course all
 installations of your customers).

On a somewhat related note ...

I have the habit of mount /tmp with noexec,nosuid,nodev. I also mount /usr and /boot ro. These minor changes can prevent common automated attacks (probably the one you encountered) and don't cause any problems.

It can cause probleme with the default invocation of logrotate (Starting with version ... huu ... 7.something.somethingelse, the postrotate script is dumped in a file and executed (before, it was in a system()).

But you can quickfix this problem with an export of TMPDIR in the crontab script (of logrotate).

Wacquiez Sébastien

Reply to: