Re: phpBB vulnerability exploited
Fraser Campbell wrote:
On Sunday 12 December 2004 17:46, Marek Podmaka wrote:
I don't want to give hints on how to exploit this, but the attacker
did wget the .tgz file, unpacked it in /tmp and ran the program.
So update all your phpBB installations ASAP (and of course all
installations of your customers).
On a somewhat related note ...
I have the habit of mounting /tmp with noexec,nosuid,nodev. I also mount /usr
and /boot ro. These minor changes can prevent common automated attacks
(probably the one you encountered) and don't cause any problems.
It can cause problems with the default invocation of logrotate (starting
with version ... huu ... 7.something.somethingelse, the postrotate
script is dumped in a file and executed (before, it was in a system())).
But you can quick-fix this problem with an export of TMPDIR in the
crontab script (of logrotate).
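A small audit for the mount hardening described above, added here as an example and not taken from the thread or from any of the posters. It reads lines in the column layout shared by /etc/fstab and /proc/mounts and reports which of the expected options are missing; the policy list (/tmp needs noexec,nosuid,nodev; /usr and /boot need ro) and the sample mount table are constructed for this illustration.

```shell
#!/bin/sh
# Added example: check a mount table for the noexec/nosuid/nodev and
# read-only hardening discussed in the thread.  Lines use the column
# layout of /etc/fstab and /proc/mounts:
#   <device> <mountpoint> <fstype> <options> [<dump> <pass>]

# Constructed sample table: /tmp lacks noexec, /usr is still rw.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,errors=remount-ro 0 1
/dev/sda2 /usr ext3 rw 0 2
/dev/sda3 /boot ext3 ro 0 2
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# has_opt MOUNTPOINT OPTION TABLE
# Exit 0 when the mountpoint's comma-separated option list contains OPTION,
# 1 otherwise (an absent mountpoint also counts as missing the option).
has_opt() {
    mp=$1; opt=$2; table=$3
    printf '%s\n' "$table" | awk -v mp="$mp" -v opt="$opt" '
        $2 == mp {
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == opt) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# audit_mounts TABLE
# Policy (an assumption for this example): /tmp must carry noexec, nosuid
# and nodev; /usr and /boot must be mounted ro.  Prints one line per
# missing option and returns the number of missing options (0 = clean).
audit_mounts() {
    table=$1; missing=0
    for spec in /tmp:noexec /tmp:nosuid /tmp:nodev /usr:ro /boot:ro; do
        mp=${spec%%:*}; opt=${spec#*:}
        if ! has_opt "$mp" "$opt" "$table"; then
            echo "$mp is missing $opt"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Run against the constructed table; on a live host use:
#   audit_mounts "$(cat /proc/mounts)"
audit_mounts "$SAMPLE_MOUNTS"
echo "missing options: $?"
```

Against the sample table the audit reports `/tmp is missing noexec` and `/usr is missing ro`; feeding it the live `/proc/mounts` shows the options actually in effect, which is the check that matters after a remount or an fstab edit.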