
Re: apache / exe process taking 99 % cpu



On Monday, 13 September 2004 14:07, lami@geocities.com wrote:
> I tried to download file at 142.176.141.5/tmp ("exe" file itself), but
> it says 404 not found. There are several IP addresses, so maybe someone
> will have better luck.

We have managed to catch the uploaded binary. After decompressing it with 
upx, we disassembled it with objdump -d but we are absolutely not 
familiar with assembler code and so have no idea what it does. Maybe 
someone wants to take a look? I can provide the code.

Also we tried to decompile the binary with boomerang. Unfortunately the 
decompilation stops with the error "floating point exception" and otherwise
produces no output. We got stuck there.

We tried fenris as well, but had no luck with that either. The
installation of fenris failed with "your libc isn't stripped" or 
something and we have to investigate further how to fix this.

strace provides some interesting system calls. And again we are not
experienced enough to tell what they do in detail. Maybe someone could 
help on this.

I am still unsure how far they have gotten into the system. But if there 
were a harmful hole the security team would have fixed it, wouldn't
they?

Regards,

Timo


