Re: ***DEB*: Re: [sec] Re: Strange segmentation faults and Zombies

To: debian-security@lists.debian.org
Subject: Re: ***DEB*: Re: [sec] Re: Strange segmentation faults and Zombies
From: ICTO-Balie <ictobalie@bk.tudelft.nl>
Date: Fri, 19 Sep 2003 01:26:22 +0200
Message-id: <[🔎] 3F6A3F1E.4010505@bk.tudelft.nl>
Reply-to: X4DLS8NT@spammotel.com
In-reply-to: <[🔎] 3F6987A0.6010306@tgm.ac.at>
References: <[🔎] 3F68C446.7070606@tgm.ac.at> <[🔎] 20030917235236.1e9f2ffd.caf@glot.net> <[🔎] 3F6958B0.1020108@tgm.ac.at> <[🔎] 20030918071202.GA31631@deblin.org> <[🔎] 003901c37dbe$819527c0$6500a8c0@obelix> <[🔎] 20030918100930.GB558@mail.sternwelten.at> <[🔎] 3F6987A0.6010306@tgm.ac.at>

rm -rf phpshell.php



          ^__________^
was this the exploited hole ?



I think so. In fact the problem is that it got there...


probably uploaded somehow...
a upload-form, some web-script maybe?

check php permissions i'd say.
where was enr php-file located? do you know?

good luck, Jst.

Reply to:

References:
- Strange segmentation faults and Zombies
  - From: Markus Schabel <markus.schabel@tgm.ac.at>
- Re: Strange segmentation faults and Zombies
  - From: Laurent Corbes {Caf'} <caf@glot.net>
- Re: Strange segmentation faults and Zombies
  - From: Markus Schabel <markus.schabel@tgm.ac.at>
- Re: Strange segmentation faults and Zombies
  - From: Josh Carroll <josh.carroll@psualum.com>
- Re: Strange segmentation faults and Zombies
  - From: "Christian Storch" <storch@infra.net>
- Re: [sec] Re: Strange segmentation faults and Zombies
  - From: maximilian attems <debian@sternwelten.at>
- Re: [sec] Re: Strange segmentation faults and Zombies
  - From: Markus Schabel <markus.schabel@tgm.ac.at>

Prev by Date: Tiger (was: Remote update of ssh(d))
Next by Date: Sendmail package version weirdness
Previous by thread: RE: [sec] Re: Strange segmentation faults and Zombies
Next by thread: Re: Strange segmentation faults and Zombies
Index(es):
- Date
- Thread