Re: Security Breach ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 3 Mar 2005 00:11:26 -0500, Chris Strzelczyk
<cstrzelczyk@xxxxxxxxxxxxxxxxxxx> wrote:
> 
> On Mar 3, 2005, at 12:11 AM, Thomas Cameron wrote:
> 
> >
> > <snip>
> >
> > Look in /var/tmp - anything there called aVe or uselib24 or bots.txt?
> > Also, look in your /var/log/httpd area for anything weird in access_log
> > or error_log.
> 
> Yes, I did have a couple of PERL programs in /var/tmp.  One was called
> https and it is attached.
> As far as I understand this vulnerability it is limited to the user
> Apache is run by correct?
> 

The key question is  "As far as I understand this vulnerability it is
limited to the user Apache is run by correct?"

The answer is you don't know how far they went.

Once you have local access then you can use a second exploit to get
root access, or attack another system using the owned system.  If the
user apache was not configured properly then they may have been able
to steal the shadow file and crack your passwords.

Please do everyone a favor, if you have not already done this.  Pull
the plug, yes I mean this and I mean right now.  Don't power it back
up until you have the CD's to reload it, without a network connection.
 You have seen the rest in other posts.

May be it will help if you understand that CISSP is Certified
Information Systems Security Professional and requires a minimum of 2
years experience and passing a 6 hour exam.  In other words I'm not
just making this up.

-- 
Leonard Isham, CISSP
Ostendo non ostento.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux