
Re: Strange segmentation faults and Zombies



On Thu, Sep 18, 2003 at 09:03:12AM +0200, Markus Schabel wrote:

> in the directory /var/www/cncmap/www/upload/renegade there are the
> following files: backhole.pl
> e.c ("Copyright (c) 2003 DTORS Security, ANGELO ROSIELLO 18/02/2003, 
> LES-EXPLOIT for Linux x86")
> rem.php (phpRemoteView)
> 
> so we got hacked :(

You must not allow users to upload files to locations where they can be
executed as programs by the web server (such as PHP, CGI, etc.).  This
configuration is easily abused to gain arbitrary access to the system.

I'd be interested in finding out how they got from www-data to root, though
(assuming your system is up-to-date with security updates).

-- 
 - mdz
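
As an added illustration that is not part of the original thread, this Python sketch audits an upload directory for files a web server could execute as programs. The extension list and the constructed sample files (placeholder contents, with two file names reused from the quoted message) are assumptions; match the list to the handlers your server actually maps.

```python
import os
import stat
import tempfile

# Assumption: extensions a typical Apache + PHP/CGI setup maps to a handler.
SCRIPT_EXTS = {".php", ".phtml", ".php3", ".pl", ".cgi", ".py", ".sh"}

def audit_upload_dir(root):
    """Return {relative_path: [reasons]} for files the web server could run."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            # Apache mod_mime looks at every dot-separated extension, so a
            # name like "photo.php.jpg" can still reach the PHP handler.
            exts = {"." + part.lower() for part in name.split(".")[1:]}
            hit = sorted(exts & SCRIPT_EXTS)
            if hit:
                reasons.append("script extension " + ",".join(hit))
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode):
                if mode & 0o111:
                    reasons.append("executable bit set")
                with open(path, "rb") as fh:
                    head = fh.read(512)
                if head.startswith(b"#!") or b"<?php" in head:
                    reasons.append("script content")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def demo():
    """Build a constructed upload directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "rem.php": b"<?php /* placeholder */ ?>",
            "backhole.pl": b"#!/usr/bin/perl\n",
            "photo.php.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes",
            "map.png": b"\x89PNG\r\n\x1a\n",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_upload_dir(root)

if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, "->", "; ".join(reasons))
```

An empty result is what a properly segregated upload directory should produce; the complementary control is disabling script handlers for that directory in the server configuration.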


