Re: Debian Stable server hacked

To: "Thijs Welman" <thijs@balpol.tudelft.nl>, <debian-security@lists.debian.org>
Subject: Re: Debian Stable server hacked
From: "Teun Vink" <teun@moonblade.net>
Date: Wed, 6 Aug 2003 23:48:12 +0200
Message-id: <[🔎] 00f301c35c64$75ecbd00$5c844dd9@leto>
References: <[🔎] 3F310A43.9060101@balpol.tudelft.nl> <[🔎] 3F3116DE.2060005@etnsystems.com> <[🔎] 3F31253F.5000002@balpol.tudelft.nl>

----- Original Message ----- 
From: "Thijs Welman" <thijs@balpol.tudelft.nl>
To: <debian-security@lists.debian.org>
Sent: Wednesday, August 06, 2003 5:56 PM
Subject: Re: Debian Stable server hacked

> Thanx for the replies so far.
>
[...]
>
> Thought of that myself. Checked the apache logfiles and went through the
> scripts... i don't have any 'candidates' besides Horde-2.1/Imp-3.1 and
> squirrelmail-1.4.0. But then there's still the www-data -> root
question...
>

It is possible to write harmful php code which executes code on your server,
and use that to trigger a local root exploit. I've seen one of those
attempts one of my webservers, which tried to trigger a kernel exploit.
Luckily we upgraded that kernel some days before the attempt.

Regards,

Teun

Reply to:

References:
- Debian Stable server hacked
  - From: Thijs Welman <thijs@balpol.tudelft.nl>
- Re: Debian Stable server hacked
  - From: Rich Puhek <rpuhek@etnsystems.com>
- Re: Debian Stable server hacked
  - From: Thijs Welman <thijs@balpol.tudelft.nl>

Prev by Date: Re: Debian Stable server hacked
Next by Date: Re: Debian Stable server hacked
Previous by thread: Re: Debian Stable server hacked
Next by thread: Re: Debian Stable server hacked
Index(es):
- Date
- Thread