
RE: [sec] Re: Strange segmentation faults and Zombies



The problem is starting >>before<<

id
mkdir /etc/.rpn
...

You should think about everything that's listening on a port:
- an outdated sshd? (!)
- security updates all up to date?
- known unclosed security hole?
- some nice scripts like 'rootshell.php'? ;)
- perl without tainting checks in cgi-bin?
etc.
etc.

Christian


-----Original Message-----
From: Markus Schabel [mailto:markus.schabel@tgm.ac.at]
Sent: Thursday, September 18, 2003 12:23 PM
To: debian-security@lists.debian.org
Subject: Re: [sec] Re: Strange segmentation faults and Zombies

maximilian attems wrote:
> On Thu, 18 Sep 2003, Christian Storch wrote:
>
>
>>Don't forget to try to find the potential hole first!
>>Otherwise you could have a fast recurrence.
>>[..]
>>
>>>>in /etc/.rpn there's a .bash_history with the following content:
>>>>
>>>>>id
>>>>>mkdir /etc/.rpn
>>>>>ps -aux
>>>>>ps -aux | grep tbk
>>>>>kill -15292 pid
>>>>>kill 15292
>>>>>netconf
>>>>>locate httpd.conf
>>>>>cd /etc/.rpn
>>>>>ls -al
>>>>>wget
>>>>>cd /var/www/cncmap/www/upload/renegade
>>>>>ls -al
>>>>>rm -rf phpshell.php
>
> 	      ^__________^
> was this the exploited hole ?

I think so. In fact the problem is that it got there...

regards
Markus
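
As an added example (not part of any message in this thread), a shell script with file-system checks for three items the thread mentions: a hidden directory under /etc, a PHP script inside a web upload directory, and Perl CGI scripts without taint checks. The function names and the sample tree are constructed for illustration; on a real host the functions would be pointed at /etc, the web upload path and cgi-bin.

```shell
#!/bin/sh
# Added example, not from the thread. Paths below are constructed samples.

# Hidden directories under a config root; /etc/.rpn would show up here.
find_hidden_dirs() {
    find "$1" -xdev -type d -name '.*' ! -path "$1" 2>/dev/null | sort
}

# Server-side scripts sitting in a directory meant for uploaded data.
find_upload_scripts() {
    find "$1" -xdev -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.pl' -o -iname '*.cgi' \) 2>/dev/null | sort
}

# Perl CGI scripts whose #! line does not enable taint mode (-T).
find_untainted_perl() {
    find "$1" -xdev -type f 2>/dev/null | sort | while IFS= read -r f; do
        first=$(head -n 1 "$f" 2>/dev/null)
        case $first in
            '#!'*perl*) ;;          # Perl script: inspect its switches
            *) continue ;;          # anything else is out of scope here
        esac
        printf '%s\n' "$first" | grep -Eq -- ' -[A-Za-z]*T' || printf '%s\n' "$f"
    done
}

# Build a small constructed tree that mimics the layout in the thread.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc/.rpn" "$d/etc/apache" "$d/www/upload/renegade" "$d/cgi-bin"
    : > "$d/etc/.rpn/.bash_history"
    : > "$d/www/upload/renegade/phpshell.php"
    : > "$d/www/upload/renegade/map.zip"
    printf '#!/usr/bin/perl -w\nprint "x";\n'  > "$d/cgi-bin/form.pl"
    printf '#!/usr/bin/perl -wT\nprint "x";\n' > "$d/cgi-bin/safe.pl"
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "hidden dirs:";      find_hidden_dirs "$sample/etc"
echo "upload scripts:";   find_upload_scripts "$sample/www/upload"
echo "perl without -T:";  find_untainted_perl "$sample/cgi-bin"
rm -rf "$sample"
```

On a host that is already compromised, `find` and the shell themselves may have been replaced, so results are more trustworthy when the disk is examined from known-good media.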

