On Sunday 12 December 2004 17:46, Marek Podmaka wrote:
I don't want to give hints on how to exploit this, but the attacker
did wget the .tgz file, unpacked it in /tmp and run the program.
So update all your phpBB installations ASAP (and of course all
installations of your customers).
On a somewhat related note ...
I have the habit of mount /tmp with noexec,nosuid,nodev. I also mount /usr
and /boot ro. These minor changes can prevent common automated attacks
(probably the one you encountered) and don't cause any problems.