Re: Debian Stable server hacked
----- Original Message -----
From: "Thijs Welman" <firstname.lastname@example.org>
Sent: Wednesday, August 06, 2003 5:56 PM
Subject: Re: Debian Stable server hacked
> Thanx for the replies so far.
> Thought of that myself. Checked the apache logfiles and went through the
> scripts... i don't have any 'candidates' besides Horde-2.1/Imp-3.1 and
> squirrelmail-1.4.0. But then there's still the www-data -> root
It is possible to write harmful php code which executes code on your server,
and use that to trigger a local root exploit. I've seen one of those
attempts one of my webservers, which tried to trigger a kernel exploit.
Luckily we upgraded that kernel some days before the attempt.